https://community.cisco.com/t5/network-security/deny-ip-spoof-from-127-0-0-1/m-p/1480710#M726895 <HTML><HEAD></HEAD><BODY><P>thank you both for the answers.</P><P></P><P>i figured for sure it was coming form the outside but like i said, the debug wasn't very helpful when i was looking at it.</P><P></P><P>i'll setup a mirror port on my stack for the outside and see if i can catch it. thanks again, you've given me a great staring point.</P></BODY></HTML> Tue, 04 May 2010 14:22:42 GMT sysadmin 2010-05-04T14:22:42Z https://community.cisco.com/t5/network-security/deny-ip-spoof-from-127-0-0-1/m-p/1480707#M726892 <P>Greetings!</P><P></P><P>I have recently began to receive these errors on my ASA 5510. I've done a debug when it occurs but haven't noticed an unusual traffic coming from the internal or external network.</P><P></P><P>here's the error:</P><P></P><P>2|May 03 2010|12:04:08|106016|||||Deny IP spoof from (127.0.0.1) to OUR_EXT_IP on interface outside</P><P></P><P><BR />based on the message. should I be looking on the inside or outside of my fw? This is really the first time i've seen these messages so i'm sorta green to them.</P><P></P><P>if you need more logs, let me know and i can provide here. thanks for the help!</P> Mon, 11 Mar 2019 17:40:24 GMT https://community.cisco.com/t5/network-security/deny-ip-spoof-from-127-0-0-1/m-p/1480707#M726892 sysadmin 2019-03-11T17:40:24Z https://community.cisco.com/t5/network-security/deny-ip-spoof-from-127-0-0-1/m-p/1480708#M726893 <HTML><HEAD></HEAD><BODY><P>This is what syslog# 106016 means for your reference:</P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/security/asa/asa80/system/message/logmsgs.html#wp4768961">http://www.cisco.com/en/US/docs/security/asa/asa80/system/message/logmsgs.html#wp4768961</A></P><P></P><P>And the traffic is coming from the outside interface/external to your network.</P></BODY></HTML> Tue, 04 May 2010 03:19:12 GMT https://community.cisco.com/t5/network-security/deny-ip-spoof-from-127-0-0-1/m-p/1480708#M726893 Jennifer Halim 2010-05-04T03:19:12Z https://community.cisco.com/t5/network-security/deny-ip-spoof-from-127-0-0-1/m-p/1480709#M726894 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P>It could be a virus attack or it could be that someone is trying to compromise the network by sending traffic using a soofed ip address. The best way would be take sniffer so that you could see the MAC address of the faulty machine/source.</P><P>Also, if you want to disable this log message, you can do that as well, as follows:</P><P>no logging message 106016</P><P><BR />HTH</P><P>Ashu</P></BODY></HTML> Tue, 04 May 2010 12:47:59 GMT https://community.cisco.com/t5/network-security/deny-ip-spoof-from-127-0-0-1/m-p/1480709#M726894 astripat 2010-05-04T12:47:59Z https://community.cisco.com/t5/network-security/deny-ip-spoof-from-127-0-0-1/m-p/1480710#M726895 <HTML><HEAD></HEAD><BODY><P>thank you both for the answers.</P><P></P><P>i figured for sure it was coming form the outside but like i said, the debug wasn't very helpful when i was looking at it.</P><P></P><P>i'll setup a mirror port on my stack for the outside and see if i can catch it. thanks again, you've given me a great staring point.</P></BODY></HTML> Tue, 04 May 2010 14:22:42 GMT https://community.cisco.com/t5/network-security/deny-ip-spoof-from-127-0-0-1/m-p/1480710#M726895 sysadmin 2010-05-04T14:22:42Z