Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
409
Views
0
Helpful
2
Replies

a fake IP

hanwucisco
Level 1
Level 1

‎05-23-2013 01:46 PM - edited ‎03-11-2019 06:48 PM

We have a subnet(within public IP addrss) that is drop (into Null0 interface) from our core switch in the Inside network. Therefore pinging it results destnation not reachable. however some company outside in the network compains to us that there is an IP sourced in that droped subnet visits them.

I checked with our Netflow which is also in the Inside zone, yet, there is records of this IP.

is it a fake IP? if so, how can I find the location of the IP?

thanks,

Han

Labels:
0 Helpful
2 Replies 2

Julio Carvajal
VIP Alumni
VIP Alumni

‎05-23-2013 04:05 PM

Hello Han,

It could be,

Do captures and check the logs of the devices downstream till you get the MAC-address of that host,

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Jouni Forss
VIP Alumni
VIP Alumni

‎05-23-2013 11:15 PM

Hi,

I am not totally sure if I understood the situation correctly but are you saying that you both have this public subnet in your LAN network and there is also a static route towards Null0 for that same network?

If there are actual hosts using public IP addresses from that public subnet then wouldnt this mean that they can still initiate connections anywhere they want but there might be problem with return traffic getting forwarded through to Null0. Unless perhaps the subnet and Null0 route were on the same device and wouldnt the connected network override the Null0 route then?

- Jouni

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card