Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
764
Views
0
Helpful
3
Replies

IP spoofing

dubzadmin
Community Member

‎08-19-2005 06:22 PM - edited ‎03-09-2019 12:12 PM

Hi, I am seeng repetitive entries of this anture from the pix log files:

Aug 20 11:54:07 192.168.100.1 %PIX-2-106016: Deny IP spoof from (224.0.0.2) to xxx.xxx.xxx.xxx on interface inside

And while I guess I can take some comfort in knowing it is all being denied, how do I track the source and eliminate this activity?

Thanks

Labels:
0 Helpful
3 Replies 3

spremkumar
Level 11
Level 11

‎08-19-2005 08:38 PM

Hi

AFAIK 224.0.0.2 is a multicast address being used by CGMP leave process and used to send HSRP hello messages.

Do confirm whether you have got either HSRP or CGMP being enabled on your devices??thay may be also a possible reason for this log message..

regds

0 Helpful

dubzadmin
Community Member
In response to spremkumar

‎08-19-2005 10:39 PM

Yes HSRP was configured on both routers in front of the PIX, I have editd the configs for those routers and removed any reference to "standby", but the messages are still appearing in the log files

0 Helpful

jmia
Level 11
Level 11
In response to dubzadmin

‎08-20-2005 01:04 AM

Dean,

Have a read of the following document:

http://www.cisco.com/en/US/tech/tk828/technologies_white_paper09186a00800a3e2b.shtml

Let me know if this helps.

Jay

0 Helpful
Customers Also Viewed These Support Documents