Cisco Pix 501 - reaching local host limit, showing odd IP addresses

Posted by cdonner on Server Fault
Published on 2010-01-25T16:46:08Z Indexed on 2010/03/15 8:09 UTC

I am running out of licenses on my Pix 501, and the show local-host command lists a number of odd IP addresses that do not belong to my 10.10.1.* subnet. Any idea what they are? The only thing I could find was a potential ISP: DINSA is Defence Interoperable Network Services Authority, an agency of the Ministry of Defence of the United Kingdom. Does not sound right.

I don't see any active connections, though. I can't ping or traceroute these IPs, but they reappear after I clear the list, with various other addresses in that general range, up until the connection limit is reached. Based on the number denied, I suppose I would have a lot more of them had I not the connection limit. Very dubious. Is anybody else seeing this?

pixfirewall# show local-host
Interface inside: 10 active, 10 maximum active, **118 denied**
local host: <10.10.1.110>,
    TCP connection count/limit = 0/unlimited
    TCP embryonic count = 0
    TCP intercept watermark = unlimited
    UDP connection count/limit = 0/unlimited
  AAA:
  Xlate(s):
  Conn(s):

local host: <10.10.1.176>,
    TCP connection count/limit = 0/unlimited
    TCP embryonic count = 0
    TCP intercept watermark = unlimited
    UDP connection count/limit = 0/unlimited
  AAA:
  Xlate(s):
  Conn(s):

local host: <10.10.1.170>,
    TCP connection count/limit = 0/unlimited
    TCP embryonic count = 0
    TCP intercept watermark = unlimited
    UDP connection count/limit = 1/unlimited
  AAA:
  Xlate(s):
  Conn(s):


local host: <10.10.1.175>,
    TCP connection count/limit = 11/unlimited
    TCP embryonic count = 0
    TCP intercept watermark = unlimited
    UDP connection count/limit = 1/unlimited
  AAA:
  Xlate(s):
  Conn(s):

local host: <10.10.1.108>,
    TCP connection count/limit = 0/unlimited
    TCP embryonic count = 0
    TCP intercept watermark = unlimited
    UDP connection count/limit = 0/unlimited
  AAA:
  Xlate(s):
  Conn(s):

local host: <25.33.41.115>,   // ???????????????? what is this?
    TCP connection count/limit = 0/unlimited
    TCP embryonic count = 0
    TCP intercept watermark = unlimited
    UDP connection count/limit = 0/unlimited
  AAA:
  Xlate(s):
  Conn(s):

local host: <25.33.226.124>,   // ???????????????? what is this?
    TCP connection count/limit = 0/unlimited
    TCP embryonic count = 0
    TCP intercept watermark = unlimited
    UDP connection count/limit = 0/unlimited
  AAA:
  Xlate(s):
  Conn(s):

local host: <10.10.1.172>,
    TCP connection count/limit = 0/unlimited
    TCP embryonic count = 0
    TCP intercept watermark = unlimited
    UDP connection count/limit = 0/unlimited
  AAA:
  Xlate(s):
  Conn(s):

local host: <25.36.114.91>,     // ???????????????? what is this?
    TCP connection count/limit = 0/unlimited
    TCP embryonic count = 0
    TCP intercept watermark = unlimited
    UDP connection count/limit = 0/unlimited
  AAA:
  Xlate(s):
  Conn(s):

local host: <10.10.1.109>,
    TCP connection count/limit = 0/unlimited
    TCP embryonic count = 0
    TCP intercept watermark = unlimited
    UDP connection count/limit = 0/unlimited
  AAA:
  Xlate(s):
  Conn(s):

pixfirewall# 

© Server Fault or respective owner
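
A parser for the `show local-host` output above that lists entries outside the inside subnet and shows how many connections each holds. It is an added example, not part of the original post. The function name, the 10.10.1.0/24 network (taken from the poster's 10.10.1.*) and the abridged sample text are assumptions.

```python
import ipaddress
import re

# Constructed, abridged sample in the format of the output quoted in the post.
SAMPLE = """\
Interface inside: 10 active, 10 maximum active, 118 denied
local host: <10.10.1.110>,
    TCP connection count/limit = 0/unlimited
    UDP connection count/limit = 0/unlimited
local host: <10.10.1.175>,
    TCP connection count/limit = 11/unlimited
    UDP connection count/limit = 1/unlimited
local host: <25.33.41.115>,
    TCP connection count/limit = 0/unlimited
    UDP connection count/limit = 0/unlimited
"""

# \** tolerates the bold markers the post put around "118 denied".
HEADER = re.compile(r"Interface (\S+): (\d+) active, (\d+) maximum active, \**(\d+) denied")
HOST = re.compile(r"local host: <([\d.]+)>")
COUNT = re.compile(r"(TCP|UDP) connection count/limit = (\d+)/")


def audit_local_hosts(text, inside_net="10.10.1.0/24"):  # subnet is an assumption
    """Parse the output and flag license slots held by non-inside addresses."""
    net = ipaddress.ip_network(inside_net)
    report = {"interface": None, "active": 0, "maximum": 0, "denied": 0, "hosts": []}
    for line in text.splitlines():
        if m := HEADER.search(line):
            report.update(interface=m[1], active=int(m[2]), maximum=int(m[3]), denied=int(m[4]))
        elif m := HOST.search(line):
            foreign = ipaddress.ip_address(m[1]) not in net
            report["hosts"].append({"ip": m[1], "foreign": foreign, "conns": 0})
        elif (m := COUNT.search(line)) and report["hosts"]:
            report["hosts"][-1]["conns"] += int(m[2])  # TCP + UDP for the current host
    report["foreign"] = [h["ip"] for h in report["hosts"] if h["foreign"]]
    report["idle_foreign"] = [h["ip"] for h in report["hosts"] if h["foreign"] and not h["conns"]]
    report["at_limit"] = report["active"] >= report["maximum"] > 0
    return report


if __name__ == "__main__":
    r = audit_local_hosts(SAMPLE)
    print(f"{r['interface']}: {r['active']}/{r['maximum']} slots, {r['denied']} denied")
    for ip in r["foreign"]:
        print("holds a slot but is outside the inside subnet:", ip)
```

Entries in `idle_foreign` are the ones that consume a license slot without any TCP or UDP connection, which is the pattern the post describes.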
