Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5853
Views
0
Helpful
2
Replies

Deny IP spoof. . .

1salvarez
Level 1
Level 1

‎03-05-2012 11:31 AM - edited ‎03-11-2019 03:38 PM

Can anyone give me more explanation on the following and is there anything I should be doing?:

<146>Mar 05 2012 11:37:06: %ASA-2-106016: Deny IP spoof from (0.1.0.4) to 0.1.0.4 on interface inside

Go the following from CISCO site:

106016 

Error Message    %PIX|ASA-2-106016: Deny IP spoof from (IP_address) to IP_address on 
interface interface_name.

Explanation    The Cisco ASA  discarded a packet with an invalid source address, which may include  one of the following or some other invalid address:

Loopback network (127.0.0.0)

Broadcast  (limited, net-directed, subnet-directed, and all-subnets-directed)

The destination host (land.c)

To further enhance spoof packet detection, use the conduit command to configure the Cisco ASA  to discard packets with source addresses belonging to the internal network. Now that the icmp command has been implemented, the conduit command has been deprecated and is no longer guaranteed to work properly.

Recommended Action    Determine if an external user is trying to compromise the protected network.  Check for misconfigured clients.

Labels:
0 Helpful
2 Replies 2

Julio Carvajal
VIP Alumni
VIP Alumni

‎03-05-2012 05:24 PM

Hello,

The ASA is doing its job, He is seeing a packet with a source ip address of 0.1.0.4, Should this be expected?????

I mean do you have a public subnet like 0.1.0.4 in the inside of your network ( behind the asa) because he is saying traffic from that ip address as a source going to the same ip address so it is kind of a strange situation.

I would say ASA is doing its job but I would need to have the answers of the previous mentioned questions..

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

JohnReam123
Level 1
Level 1
In response to Julio Carvajal

‎08-03-2012 03:12 PM

We had this exact same problem occur.  This worked for us:   It seems a USB Camera created a new network connection with a description of "Microsoft TV/Video Connection" on one of our PC machines. This connection had an Autoconfiguration IP Address of 0.1.0.4.   We tried to just right-click and disable it, but the system would not let us because it was using some resource.

So, we opened the TCP/IP properties, then the Advanced TCP/IP settings button, and under the DNS tab we unchecked the box for "Register this connection's addresses in DNS" and rebooted. The connection was no longer shown. This seems to have solved the issue.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card