Invalid IP address

From: Steven Lee (idsforensicat_private)
Date: Mon Oct 21 2002 - 13:05:10 PDT

    I am seeing this on my router syslog after I applied an access list on the 
    internal interface. Can anyone tell me what this could be? The 68.84.8.41 
    is a Comcast IP that is active on the network; however, someone inside our 
    network is attempting to use it to go out to other sites? Thanks for your 
    help.
    
    l7.Info	X.X.X.X	38644: .Oct 21 13:40:27: %SEC-6-IPACCESSLOGP: list 101 denied tcp 68.84.8.41(0) -> 67.34.160.17(0), 1 packet
    2002-10-21 13:35:37	Local7.Info	X.X.X.X	38645: .Oct 21 13:40:28: %SEC-6-IPACCESSLOGP: list 101 denied tcp 68.84.8.41(0) -> 217.121.116.154(0), 1 packet
    2002-10-21 13:35:38	Local7.Info	X.X.X.X	38646: .Oct 21 13:40:29: %SEC-6-IPACCESSLOGP: list 101 denied tcp 68.84.8.41(0) -> 141.156.130.147(0), 1 packet
    2002-10-21 13:35:39	Local7.Info	X.X.X.X	38647: .Oct 21 13:40:30: %SEC-6-IPACCESSLOGP: list 101 denied tcp 68.84.8.41(0) -> 68.9.184.233(0), 2 packets
    2002-10-21 13:35:40	Local7.Info	X.X.X.X	38648: .Oct 21 13:40:32: %SEC-6-IPACCESSLOGP: list 101 denied tcp 68.84.8.41(0) -> 24.203.121.105(0), 1 packet
    2002-10-21 13:35:41	Local7.Info	X.X.X.X	38649: .Oct 21 13:40:33: %SEC-6-IPACCESSLOGP: list 101 denied tcp 68.84.8.41(0) -> 67.82.63.49(0), 1 packet
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
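
Added example, not part of the original message or the archive: a Python summary of %SEC-6-IPACCESSLOGP deny entries per source address, written to tolerate records that were wrapped mid-line when pasted into mail. The sample lines are constructed with documentation addresses, and the internal prefix 192.0.2.0/24 and the `summarize` helper are assumptions.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# \s* between tokens tolerates records that a mail client wrapped mid-line.
ACL_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP:\s*list\s*(?P<acl>\S+?)\s*(?P<action>permitted|denied)\s*"
    r"(?P<proto>[a-z]+?)\s*(?P<src>\d+(?:\.\d+){3})\((?P<sport>\d+)\)\s*->\s*"
    r"(?P<dst>\d+(?:\.\d+){3})\((?P<dport>\d+)\),\s*(?P<count>\d+)\s*packets?"
)

# Constructed sample in the same wrapped layout (RFC 5737 documentation addresses).
SAMPLE = (
    "2002-10-21 13:35:37\tLocal7.Info\tX.X.X.X\t38645: .Oct 21 13:40:28: %\n"
    "SEC-6-IPACCESSLOGP: list 101 denied tcp 198.51.100.41(0) -> 203.0.113.154\n"
    "(0), 1 packet\n"
    "2002-10-21 13:35:39\tLocal7.Info\tX.X.X.X\t38647: .Oct 21 13:40:30: %\n"
    "SEC-6-IPACCESSLOGP: list 101 denied tcp 198.51.100.41(0) -> 203.0.113.9(0), \n"
    "2 packets\n"
    "2002-10-21 13:35:40\tLocal7.Info\tX.X.X.X\t38648: .Oct 21 13:40:32: %\n"
    "SEC-6-IPACCESSLOGP: list 101 denied tcp 192.0.2.10(0) -> 203.0.113.9(0), 1 \n"
    "packet\n"
)

def summarize(text, internal_net):
    """Per denied source: packet total, distinct destinations, and whether the
    source lies outside the prefix expected behind the internal interface."""
    net = ip_network(internal_net)
    flat = text.replace("\r", "").replace("\n", "")  # undo the line wrapping
    report = defaultdict(lambda: {"packets": 0, "dsts": set(), "foreign": False})
    for m in ACL_RE.finditer(flat):
        if m["action"] != "denied":
            continue
        entry = report[m["src"]]
        entry["packets"] += int(m["count"])
        entry["dsts"].add(m["dst"])
        entry["foreign"] = ip_address(m["src"]) not in net
    return dict(report)

if __name__ == "__main__":
    # 192.0.2.0/24 is an assumed internal prefix, not taken from the message.
    for src, info in summarize(SAMPLE, "192.0.2.0/24").items():
        tag = "NOT in internal prefix" if info["foreign"] else "internal"
        print(f"{src:15} {tag:22} packets={info['packets']} dsts={sorted(info['dsts'])}")
```
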
    



    This archive was generated by hypermail 2b30 : Mon Oct 21 2002 - 15:57:27 PDT