
IP Spoofing

jimb
Level 1

I detected heavy traffic on the outside interface of my PIX that indicated an attempt to spoof with 127.0.0.1. I set up ACLs on my gateway routers to deny spoof attempts. On one router I had over 1 million matches for 127.0.0.0. I am also seeing inbound traffic from outside with source IPs assigned to nodes on the inside network, specifically, our email MX record IP address, our web site IP address, and our DNS server IP addresses. Anybody know what might be going on with these attempts to spoof IPs?

2 Replies

jmia
Level 7

Hi James,

Try configuring ip verify reverse-path on your PIX to protect from spoofing. Here's the Cisco document:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/gl.htm#1053009

Hope this helps and let me know how you get on.

Regards - Jay.
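The reverse-path idea suggested in the reply above, as an added example that is not part of the original thread and is not Cisco's implementation: a packet is accepted only if the route back to its source points out the interface it arrived on. The routing table, the 192.0.2.0/24 inside block, the sample packets and the function names are all constructed assumptions; the explicit loopback test models the 127.0.0.0 deny ACL the original poster describes.

```python
import ipaddress

# Constructed routing table (assumption): prefix -> interface used to reach it.
# 192.0.2.0/24 stands in for the inside block holding the mail, web and DNS hosts.
ROUTES = [
    (ipaddress.ip_network("0.0.0.0/0"), "outside"),
    (ipaddress.ip_network("192.0.2.0/24"), "inside"),
]

def route_interface(addr):
    """Longest-prefix match: the interface used to reach addr, or None."""
    ip = ipaddress.ip_address(addr)
    matches = [(net, ifc) for net, ifc in ROUTES if ip in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def rpf_check(src, arrival_ifc):
    """Return (allowed, reason) for a packet with source src seen on arrival_ifc."""
    if ipaddress.ip_address(src).is_loopback:
        # Models the poster's router ACL: 127.0.0.0/8 is never valid on the wire.
        return False, "loopback source"
    expected = route_interface(src)
    if expected != arrival_ifc:
        # Route back to the source leaves by a different interface: spoofed.
        return False, f"route to source is via {expected}, not {arrival_ifc}"
    return True, "source reachable via arrival interface"

# Constructed sample packets: (source address, arrival interface).
SAMPLE_PACKETS = [
    ("127.0.0.1", "outside"),     # loopback source from the Internet
    ("192.0.2.25", "outside"),    # inside server address arriving from outside
    ("198.51.100.7", "outside"),  # ordinary Internet host
    ("192.0.2.25", "inside"),     # the real inside server sending outbound
]

def classify(packets):
    """Apply rpf_check to each packet, returning (src, ifc, allowed, reason)."""
    return [(src, ifc, *rpf_check(src, ifc)) for src, ifc in packets]

if __name__ == "__main__":
    for src, ifc, allowed, reason in classify(SAMPLE_PACKETS):
        print(f"{src:15} on {ifc:8} {'PASS' if allowed else 'DROP'}  {reason}")
```
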

Hi Jay,

Thanks for the response. I have it blocked, but I am wondering what it is that is generating the packets. It has the look of a virus or trojan, like Blaster. Very odd.

Jim