This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

[9.002]Spoofed packets

Hi,
why does the UTM see devices on my second address on one external interface as spoofed packets?
I have a modem that requests ntp from the external interface additional address.


19:49:47 Spoofed packet UDP 10.99.99.250 : 3072 → 10.99.99.1 : 123 len=76 ttl=64 tos=0x00 srcmac=d8:5d:4c:f2:35:e4 dstmac=4c:72:b9:24:e0:21[FONT=monospace]
19:49:53 Spoofed packet UDP 10.99.99.250 : 3072 → 10.99.99.1 : 123 len=76 ttl=64 tos=0x00 srcmac=d8:5d:4c:f2:35:e4 dstmac=4c:72:b9:24:e0:21[/FONT]

Ian

This thread was automatically locked due to age.

0 BAlfson over 13 years ago

Hi, Ian,

What subnet mask do you have on that interface? Is 'Spoof protection' "normal" or "Strict?"

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel
0 HMaster over 13 years ago

RFCat_vk,

Question, Do you have an external HDD-drive with LAN connection in your network?
Because I have the same issues also. And the IP addresses that are killing me are linked to both External Network drives.

Problem is.... How to get rid of these spoofs..
Cancel
Vote Up 0 Vote Down

Cancel
0 RFCat_vk_01 over 13 years ago in reply to HMaster

Hi folks,
the source address is a modem/router in bridge mode. The mask at both ends is /24.

Spoof set to normal.

Ian
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 13 years ago

Ian, what happens if you make that Additional Address a /32?

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel
0 RFCat_vk_01 over 13 years ago in reply to BAlfson

Hi Bob,
the modem didn't like a /32 for an internal address. I tried a /30 and now the modem refuses to talk to me.
Looks like a cable directly to the modem to fix the access problem.

I have tried making the gateway on the modem the same address as itself, but the UTM still rejects the NTP requests as spoofed.

Ian
Cancel
Vote Up 0 Vote Down

Cancel