I've recently installed my firewall. It's a Pix 515E (soon to be upgraded to a Pix 525), but since it's newly installed, I'm keeping a careful eye on it. In particular, I see the logs scrolling past, of all the attempts to connect that it wouldn't allow.
What has surprised me, is that these attempts are very simple. I wasn't actually expecting to see anything clever, but what I'm actually seeing, is about 95% attempts to log in with telnet.
That's prehistoric. Does anyone still use it? I don't. Like (I think) everyone else, I use ssh. But I see attempts to use the telnet port on all my computers from IP addresses all over the world.
What on earth do they think they're doing? Even if my firewall did allow telnet access through, none of my servers are set up to respond to telnet, and even if they were, you're going to need a username and password.
The other interesting thing I see, and again I have no explanation, is that occasionally there's a flood of UDP packets hitting the firewall, all from the same IP address, working through my range of IP addresses.
So, about that Pix 525.
The one I already had, was a failover device. It worked well, but it rebooted every 24 hours (as per design). So it was OK for a temporary measure, but not for the long term, becaue a reboot means no service for at least five minutes. But what was *very* nice about it, was the user interface for setting it up - web based, called ASDM, and very nice. It took much of the setup pain away.
So then I bid on Ebay for a Pix 525 with an "unrestricted" licence - that means it won't suffer from the rebooting problem. It arrived yesterday, and the parcel had an ominous rattle. When I opened the box, I could see why; it had been put through the Heathrow parcel-smashing machine. The plastic front panel was in smithereens, and the mounting brackets were bent. Inside the Pix, there were fragments of plastic from the catastrophe.
I told the seller that I'd be giving it a very thorough test before leaving feedback; the seller suggested that I report the issue to Ebay. I contacted Ebay, and they said that I should do a "refund request". They assured me that the seller wouldn't be the one to suffer, so I did that, including pictures of the smashed-up front, and the cardboard box, which was also somewhat damaged.
To my surprise, I got an immediate refund, which will come out of the carrier's pocket (the carrier at my end was Yodel, but I don't know where the damage happened). I wasn't actually after a refund, although I'm not going to refuse it. As far as I can tell, the Pix is working OK, although without its plastic front, it's a bit ... ugly.
But it's an old version of the software. Sigh. The version of the software is about halfway between the two versions that I know, so I had to adapt somewhat. But the configuration from my existing Pix 525 translated to the new Pix 525 quite well.