
Spoof messages in my Cisco Pix 525

darwintovar
Level 1

Hi, two days ago, the Cisco PIX's messages showed the following:

106016: Deny IP spoof from (127.0.0.1) to 10.82.239.198 on interface WAN

106016: Deny IP spoof from (127.0.0.1) to 10.82.239.230 on interface WAN

106016: Deny IP spoof from (127.0.0.1) to 10.82.239.8 on interface WAN

106016: Deny IP spoof from (127.0.0.1) to 10.82.239.236 on interface WAN

106016: Deny IP spoof from (127.0.0.1) to 10.82.239.198 on interface WAN

106016: Deny IP spoof from (127.0.0.1) to 10.82.239.230 on interface WAN

I have reviewed the Cisco documentation but I can't find the answer. Please, can someone help me understand what this means? What should I do to fix it? Is there some risk to my network? Thank you for your help.

3 Replies

abinjola
Cisco Employee

Hello,

Well, the PIX is already doing its job and blocking/denying this attack.

In order to find out the source of this attack, you may set the captures on the firewall and then locate the offending host:

Pix(config)#access-list incap permit ip host 127.0.0.1 10.82.239.0 255.255.255.0

Pix(config)#access-list incap permit ip 10.82.239.0 255.255.255.0 host 127.0.0.1

Pix(config)#capture incap access-list incap packet-length 1500 interface WAN

After setting these captures, we would like to view the captures in detail using the command:

sh capture incap detail

The above command will help us find out the MAC address of the culprit.

Using the above MAC address, find out the IP address of the host in question:

show arp | include 0003.ba71.67ed

inside 10.1.3.16 0003.ba71.67ed

Here I assume the MAC to be 0003.ba71.67ed, but in your case it will be different (the one you capture with the command sh capture incap detail).

Further, if you would like to keep this from hitting the firewall, you may block this request on the router downstream to the WAN interface.

See if it helps!
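Before building the capture ACL, the 106016 denials can be summarized to see which hosts are targeted, whether the claimed source is a loopback address (which cannot legitimately arrive on a wire), and which network the ACL needs to cover. This is an added example, not part of the original thread or of any Cisco tool; the function names and report fields are assumptions, and the sample input is the set of log lines quoted in the question.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample input: the 106016 lines quoted in the question.
SAMPLE_LOG = """\
106016: Deny IP spoof from (127.0.0.1) to 10.82.239.198 on interface WAN
106016: Deny IP spoof from (127.0.0.1) to 10.82.239.230 on interface WAN
106016: Deny IP spoof from (127.0.0.1) to 10.82.239.8 on interface WAN
106016: Deny IP spoof from (127.0.0.1) to 10.82.239.236 on interface WAN
106016: Deny IP spoof from (127.0.0.1) to 10.82.239.198 on interface WAN
106016: Deny IP spoof from (127.0.0.1) to 10.82.239.230 on interface WAN
"""

SPOOF_RE = re.compile(
    r"106016: Deny IP spoof from \((?P<src>[\d.]+)\) to (?P<dst>[\d.]+) "
    r"on interface (?P<ifc>\S+)")


def covering_network(addrs):
    """Smallest single IPv4 network containing every address in addrs."""
    ints = [int(ipaddress.IPv4Address(a)) for a in addrs]
    # Bits that differ between the lowest and highest address are host bits.
    prefix = 32 - (min(ints) ^ max(ints)).bit_length()
    return ipaddress.IPv4Network((min(ints), prefix), strict=False)


def summarize(log_text):
    """Group 106016 denials by (source, interface) and scope the targets."""
    groups = {}
    for m in SPOOF_RE.finditer(log_text):
        try:
            src = ipaddress.IPv4Address(m["src"])
            dst = ipaddress.IPv4Address(m["dst"])
        except ValueError:
            continue  # skip lines whose address fields do not parse
        groups.setdefault((src, m["ifc"]), Counter())[dst] += 1
    report = []
    for (src, ifc), dsts in groups.items():
        net = covering_network(dsts)
        report.append({
            "source": str(src), "interface": ifc,
            "loopback_source": src.is_loopback, "hits": sum(dsts.values()),
            "targets": {str(d): n for d, n in sorted(dsts.items())},
            "capture_scope": f"{net.network_address} {net.netmask}",
        })
    return report


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

For the lines in the question, the computed scope is 10.82.239.0 255.255.255.0, the same network and mask used in the capture access list above.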

Hi abinjola!,

I did this and indeed I could solve the problem.

A thousand thanks.

You're welcome, buddy!

I am glad I was able to help ya...
