Hi
We have a PIX 515R with PIX version 5.2.3 installed, and we have the most
elusive problem.
For the last two days, traffic to certain webservers has been continuously
affected (some kind of DoS attack) where the webservers stop receiving any
traffic, and then they start again. I can usually restart the traffic by
executing "clear xlate" on the PIX, or by restarting the webservers. But
this works only for a minute or so. Telnet and other backend servers are
not affected.
Looking at the PIX logs I do not see anything weird. I saw yesterday some
PIX messages referring to an optional IP info rejected by the firewall. I
am going nuts here, does anyone know what is going on? Could it be an
outside problem? I have enabled and disabled ipdefarg/fixup
http/floodguard etc. and nothing works. Could the syslog have a problem?
I even turned it off to check...
The configuration is as follows; I changed the IPs for illustration
purposes. If anyone has a clue as to what is going on, please email me.
Thanks
Adonis
PIX Version 5.2(3)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pix
fixup protocol ftp 21
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol http 80
names
pager lines 20
no logging on
interface ethernet0 auto
interface ethernet1 auto
mtu outside 1500
mtu inside 1500
ip address outside 222.177.5.178 255.255.255.252
ip address inside 222.177.8.113 255.255.255.240
ip audit info action alarm
ip audit attack action alarm
arp timeout 14400
nat (inside) 0 222.177.8.112 255.255.255.240 0 0
static (inside,outside) 222.177.8.112 216.177.8.112 netmask 255.255.255.240 0 0
conduit permit tcp host 222.177.8.118 eq www any
conduit permit tcp host 222.177.8.114 eq www any
conduit permit tcp host 222.177.8.115 eq www any
conduit permit tcp host 222.177.8.116 eq www any
conduit permit tcp host 222.177.8.117 eq www any
conduit permit tcp host 222.177.8.115 eq smtp any
conduit permit tcp host 222.177.8.114 eq smtp any
conduit permit tcp host 222.177.8.114 eq 8080 any
conduit permit icmp any host 222.218.80.11
conduit permit tcp any host 222.177.7.43
conduit permit tcp any host 222.218.80.11
rip outside passive version 1
rip inside default version 1
route outside 0.0.0.0 0.0.0.0 222.177.5.177 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:30:00 absolute uauth 0:25:00 inactivity
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection timewait
no sysopt route dnat
service resetinbound
isakmp identity hostname
telnet timeout 25
ssh timeout 5
terminal width 80
--
Adonis El Fakih - President, CEO -- EGS, Inc.
70 Boston Road, Suite A301, Chelmsford MA 01824 USA
Fax (978) 244-0544 - [EMAIL PROTECTED]