03-12-2015 04:18 AM - edited 03-11-2019 10:37 PM
Hi all,
we are facing the Ip spoofing issue and at time i was unable login to the firewall when spoofing was happend adn 121.241.249.101 and 28.29.30.31 are not my ips and anti spoofing has been enable in my firewall both inside and outside but we faced this problem,please help me out regarding this and please find the screenshot for better understanding
With regards,
Shiv
Solved! Go to Solution.
03-12-2015 05:23 AM
Hi Shiv,
"Ip verify reverse path" checks two things:
1. is a route present for that specific source?
2. is the packet comming on the right interface?
I would suggest to check the routing to exclude possible assymetic routing issues. If everything looks alright then it might be a real spoofing attack.
You can probably collect a capture on the inside interface to track the mac address of the spoofed ip from where the attacks are bring generated.
you have uRPF enabled on the firewall which is preventing against the spoofing attack.
03-12-2015 05:23 AM
Hi Shiv,
"Ip verify reverse path" checks two things:
1. is a route present for that specific source?
2. is the packet comming on the right interface?
I would suggest to check the routing to exclude possible assymetic routing issues. If everything looks alright then it might be a real spoofing attack.
You can probably collect a capture on the inside interface to track the mac address of the spoofed ip from where the attacks are bring generated.
you have uRPF enabled on the firewall which is preventing against the spoofing attack.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide