Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 2 subscribers
  • Views 1807 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Spoofing

Taz_01
Hi,
yesterday I found in my logging the following:Jan 30 08:26:54 fw kernel: IP-SPOOFING Drop: IN=eth2 OUT= MAC=ff:ff:ff:ff:ff:ff:00:20:af:b9:32:5c:08:00 SRC=192.168.0.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=24318 PROTO=UDP SPT=67 DPT=68 LEN=308 
Jan 30 08:41:20 fw kernel: IP-SPOOFING Drop: IN=eth2 OUT= MAC=ff:ff:ff:ff:ff:ff:00:20:af:b9:32:5c:08:00 SRC=192.168.0.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=53758 PROTO=UDP SPT=67 DPT=68 LEN=308 
Jan 30 09:02:40 fw kernel: IP-SPOOFING Drop: IN=eth2 OUT= MAC=ff:ff:ff:ff:ff:ff:00:20:af:b9:32:5c:08:00 SRC=192.168.0.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=62718 PROTO=UDP SPT=67 DPT=68 LEN=308 
Jan 30 09:20:37 fw kernel: IP-SPOOFING Drop: IN=eth2 OUT= MAC=ff:ff:ff:ff:ff:ff:00:20:af:b9:32:5c:08:00 SRC=192.168.0.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=33548 PROTO=UDP SPT=67 DPT=68 LEN=308 

Does anyone know what is causing this? this is only on the internalinterface, not to the DMZ or to the outside...
greetz
Hans


This thread was automatically locked due to age.
Parents
  • 0
    I bet that you have a DHCP server?

    Your log tells me that there is a dhcp request on eth2 made on port 67/68. Bind DHCP-server on your internal interface (lan)

    Wat voor een connectie gebruik je Hans? Ik hoop ADSL? Kun je mij een beetje bijpraten.

    Greetings RJM.
  • 0 in reply to rob_01
    Nope, I am not using DHCP
    All my PC's in the internal net have there own IP Number, in the 192.168.0.xxx range.
    The source address is the Internal Interface from the firewall

    And sorry rob: I am using cable, not ADSL. They don't have it here yet   
Reply
  • 0 in reply to rob_01
    Nope, I am not using DHCP
    All my PC's in the internal net have there own IP Number, in the 192.168.0.xxx range.
    The source address is the Internal Interface from the firewall

    And sorry rob: I am using cable, not ADSL. They don't have it here yet   
Children
Unfiltered HTML