https://community.cisco.com/t5/network-security/what-does-this-asa-syslog-message-signafy/m-p/991004#M938220 <HTML><HEAD></HEAD><BODY><P>I looked up the syslog message on <A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/pix/pix63/system/message/pixemsgs.html#wp1146532" target="_blank">http://www.cisco.com/en/US/docs/security/pix/pix63/system/message/pixemsgs.html#wp1146532</A></P><P>I can not ping 192.168.1.182 on our lAN. Any suggestions?</P><P></P><P>Explanation The firewall received an ARP packet, and the MAC address in the packet differs from the ARP cache entry.</P><P></P><P>Recommended Action This traffic might be legitimate, or it might indicate that an ARP poisoning attack is in progress. Check the source MAC address to determine where the packets are coming from and check to see if it belongs to a valid host. </P></BODY></HTML> Tue, 06 May 2008 14:39:26 GMT saidfrh 2008-05-06T14:39:26Z https://community.cisco.com/t5/network-security/what-does-this-asa-syslog-message-signafy/m-p/991003#M938219 <P>05-06-2008 08:03:22 Local4.Warning 192.168.1.10 May 06 2008 08:02:30: %ASA-4-405001: Received ARP request collision from 192.168.1.182/001d.7e0a.0a70 on interface Inside</P><P></P><P>05-06-2008 08:02:17 Local4.Warning 192.168.1.10 May 06 2008 08:01:25: %ASA-4-405001: Received ARP request collision from 192.168.1.182/001d.7e0a.0a70 on interface Inside</P><P></P><P>05-06-2008 08:01:52 Local4.Warning 192.168.1.10 May 06 2008 08:01:00: %ASA-4-405001: Received ARP request collision from 192.168.1.182/0012.f07e.b6b9 on interface Inside</P><P></P> Mon, 11 Mar 2019 12:40:41 GMT https://community.cisco.com/t5/network-security/what-does-this-asa-syslog-message-signafy/m-p/991003#M938219 saidfrh 2019-03-11T12:40:41Z https://community.cisco.com/t5/network-security/what-does-this-asa-syslog-message-signafy/m-p/991004#M938220 <HTML><HEAD></HEAD><BODY><P>I looked up the syslog message on <A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/pix/pix63/system/message/pixemsgs.html#wp1146532" target="_blank">http://www.cisco.com/en/US/docs/security/pix/pix63/system/message/pixemsgs.html#wp1146532</A></P><P>I can not ping 192.168.1.182 on our lAN. Any suggestions?</P><P></P><P>Explanation The firewall received an ARP packet, and the MAC address in the packet differs from the ARP cache entry.</P><P></P><P>Recommended Action This traffic might be legitimate, or it might indicate that an ARP poisoning attack is in progress. Check the source MAC address to determine where the packets are coming from and check to see if it belongs to a valid host. </P></BODY></HTML> Tue, 06 May 2008 14:39:26 GMT https://community.cisco.com/t5/network-security/what-does-this-asa-syslog-message-signafy/m-p/991004#M938220 saidfrh 2008-05-06T14:39:26Z https://community.cisco.com/t5/network-security/what-does-this-asa-syslog-message-signafy/m-p/991005#M938221 <HTML><HEAD></HEAD><BODY><P>As the recommended action dictates verify whether the MAC address that corresponds to 192.168.1.182 is legitimate or is it an ARP poisoning (spoofing) attack. You should be able to verify that by checking the MAC address table of the switch(s) and look for the logged MAC address and that would lead you to the port the PC or whatever device is connected to.</P><P></P><P>HTH</P><P></P><P>Sundar</P></BODY></HTML> Tue, 06 May 2008 23:23:53 GMT https://community.cisco.com/t5/network-security/what-does-this-asa-syslog-message-signafy/m-p/991005#M938221 sundar.palaniappan 2008-05-06T23:23:53Z