Hello,
We're using ASL 4.021, 3 NICs, external/LAN/DMZ and just got this on packet filter:
2004-Feb 20 10:02:36 (none) kernel: IP-SPOOFING Drop: IN=eth1 OUT= MAC=00:50:04:61:8f:9c:00:06:2a:a0:14:38:08:00 SRC=192.168.0.23 DST=xxx.xxx.xxx.xxx LEN=78 TOS=0x00 PREC=0x00 TTL=118 ID=8073 PROTO=UDP SPT=1028 DPT=137 LEN=58
or, in LiveLog form,
10:02:36 IP-SPOOFING Drop 192.168.0.23 1028 -> xxx.xxx.xxx.xxx 137 UDP IP SPOOFING
SRC HW 00:50:04:61:8f:9c:00
DST HW 06:2a:a0:14:38:08:00
eth1 is our external interface, xxx.xxx.xxx.xxx is the world (WAN) IP on eth1. There is no machine at 129.168.0.23 on the LAN. The MAC address of the eth1 NIC is 00:50:04:61:8F:9C, corresponding to the source MAC address logged. The destination MAC address does not seem familiar.
Despite doc perusing and Googling, it is still not clear to me exactly what has been attempted and what, if any, consequences we should take. I'd be grateful if someone could elucidate. Thanks for reading.
This thread was automatically locked due to age.
