https://community.cisco.com/t5/network-security/deny-ip-spoof/m-p/1892456#M458487 <P>Can anyone give me more explanation on the following and is there anything I should be doing?:</P><P>&lt;146&gt;Mar 05 2012 11:37:06: %ASA-2-106016: Deny IP spoof from (0.1.0.4) to 0.1.0.4 on interface inside</P><P></P><P>Go the following from CISCO site:</P><P>106016 </P><PRE>Error Message&nbsp;&nbsp;&nbsp; %PIX|ASA-2-106016: Deny IP spoof from (<EM>IP_address</EM>) to <EM style="font-style: italic;">IP_address</EM> on interface interface_name. </PRE><P>Explanation&nbsp;&nbsp;&nbsp; The Cisco ASA&nbsp; discarded a packet with an invalid source address, which may include&nbsp; one of the following or some other invalid address: </P><P>•<IMG border="0" height="2" src="http://www.cisco.com/en/US/i/templates/blank.gif" width="19" />Loopback network (127.0.0.0) </P><P> •<IMG border="0" height="2" src="http://www.cisco.com/en/US/i/templates/blank.gif" width="19" />Broadcast&nbsp; (limited, net-directed, subnet-directed, and all-subnets-directed) </P><P> •<IMG border="0" height="2" src="http://www.cisco.com/en/US/i/templates/blank.gif" width="19" />The destination host (land.c) </P><P> To further enhance spoof packet detection, use the conduit command to configure the Cisco ASA&nbsp; to discard packets with source addresses belonging to the internal network. Now that the <STRONG>icmp</STRONG> command has been implemented, the <STRONG>conduit</STRONG> command has been deprecated and is no longer guaranteed to work properly. </P><P> Recommended Action&nbsp;&nbsp;&nbsp; Determine if an external user is trying to compromise the protected network.&nbsp; Check for misconfigured clients. </P> Mon, 11 Mar 2019 22:38:25 GMT 1salvarez 2019-03-11T22:38:25Z https://community.cisco.com/t5/network-security/deny-ip-spoof/m-p/1892456#M458487 <P>Can anyone give me more explanation on the following and is there anything I should be doing?:</P><P>&lt;146&gt;Mar 05 2012 11:37:06: %ASA-2-106016: Deny IP spoof from (0.1.0.4) to 0.1.0.4 on interface inside</P><P></P><P>Go the following from CISCO site:</P><P>106016 </P><PRE>Error Message&nbsp;&nbsp;&nbsp; %PIX|ASA-2-106016: Deny IP spoof from (<EM>IP_address</EM>) to <EM style="font-style: italic;">IP_address</EM> on interface interface_name. </PRE><P>Explanation&nbsp;&nbsp;&nbsp; The Cisco ASA&nbsp; discarded a packet with an invalid source address, which may include&nbsp; one of the following or some other invalid address: </P><P>•<IMG border="0" height="2" src="http://www.cisco.com/en/US/i/templates/blank.gif" width="19" />Loopback network (127.0.0.0) </P><P> •<IMG border="0" height="2" src="http://www.cisco.com/en/US/i/templates/blank.gif" width="19" />Broadcast&nbsp; (limited, net-directed, subnet-directed, and all-subnets-directed) </P><P> •<IMG border="0" height="2" src="http://www.cisco.com/en/US/i/templates/blank.gif" width="19" />The destination host (land.c) </P><P> To further enhance spoof packet detection, use the conduit command to configure the Cisco ASA&nbsp; to discard packets with source addresses belonging to the internal network. Now that the <STRONG>icmp</STRONG> command has been implemented, the <STRONG>conduit</STRONG> command has been deprecated and is no longer guaranteed to work properly. </P><P> Recommended Action&nbsp;&nbsp;&nbsp; Determine if an external user is trying to compromise the protected network.&nbsp; Check for misconfigured clients. </P> Mon, 11 Mar 2019 22:38:25 GMT https://community.cisco.com/t5/network-security/deny-ip-spoof/m-p/1892456#M458487 1salvarez 2019-03-11T22:38:25Z https://community.cisco.com/t5/network-security/deny-ip-spoof/m-p/1892457#M458488 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>The ASA is doing its job, He is seeing a packet with a source ip address of 0.1.0.4, Should this be expected?????</P><P></P><P>I mean do you have a public subnet like 0.1.0.4 in the inside of your network ( behind the asa) because he is saying traffic from that ip address as a source going to the same ip address so it is kind of a strange situation.</P><P></P><P>I would say ASA is doing its job but I would need to have the answers of the previous mentioned questions..</P><P></P><P>Regards,</P><P></P><P>Julio</P></BODY></HTML> Tue, 06 Mar 2012 01:24:02 GMT https://community.cisco.com/t5/network-security/deny-ip-spoof/m-p/1892457#M458488 Julio Carvajal 2012-03-06T01:24:02Z https://community.cisco.com/t5/network-security/deny-ip-spoof/m-p/1892458#M458489 <HTML><HEAD></HEAD><BODY><P> We had this exact same problem occur.&nbsp; This worked for us:&nbsp;&nbsp; It seems a USB Camera created a new network connection with a description of "Microsoft TV/Video Connection" on one of our PC machines. This connection had an Autoconfiguration IP Address of 0.1.0.4.&nbsp;&nbsp; We tried to just right-click and disable it, but the system would not let us because it was using some resource.</P><P></P><P>So, we opened the TCP/IP properties, then the Advanced TCP/IP settings button, and under the DNS tab we unchecked the box for "Register this connection's addresses in DNS" and rebooted. The connection was no longer shown. This seems to have solved the issue.</P></BODY></HTML> Fri, 03 Aug 2012 22:12:18 GMT https://community.cisco.com/t5/network-security/deny-ip-spoof/m-p/1892458#M458489 JohnReam123 2012-08-03T22:12:18Z