12-18-2003 09:22 AM - edited 03-09-2019 05:55 AM
I detected heavy traffic on the outside interface of my PIX that indicated an attempt to spoof with 127.0.0.1. I set up ACLs on my gateway routers to deny spoof attempts. On one router I had over 1 million matches for 127.0.0.0. I am also seeing inbound traffic from outside with source IPs assigned to nodes on the inside network, specifically, our email MX record IP address, our web site IP address, and our DNS server IP addresses. Anybody know what might be going on with these attempts to spoof IPs?
12-18-2003 09:58 AM
Hi James,
Try configuring ip verify reverse-path on your PIX to protect from spoofing. Here's the Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/gl.htm#1053009
Hope this helps and let me know how you get on.
Regards - Jay.
12-18-2003 12:20 PM
Hi Jay,
Thanks for the response. I have it blocked, but I am wondering what it is that is generating the packets. It has the look of a virus or trojan, like blaster. Very odd.
Jim
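Added example, not part of the original thread: a small Python sketch of the ingress check discussed above (loopback sources, and inside-assigned sources arriving on the outside interface), tallying hits by destination and port so the pattern of the denied traffic is visible. The prefix list, the record layout and the sample records are constructed assumptions using documentation address ranges.

```python
import ipaddress
from collections import Counter

# Assumption: placeholder for the site's inside prefixes (documentation range).
INSIDE_PREFIXES = [ipaddress.ip_network("192.0.2.0/24")]
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def classify_source(src, ingress):
    """Return why a source address cannot be genuine on this interface, or None."""
    addr = ipaddress.ip_address(src)
    if addr in LOOPBACK:
        # 127.0.0.0/8 should never appear as a source on any wire.
        return "loopback-source"
    if ingress == "outside" and any(addr in net for net in INSIDE_PREFIXES):
        # An inside-assigned address cannot legitimately arrive from outside.
        return "inside-source-on-outside"
    return None


def summarize(records):
    """Count spoofed packets keyed by (reason, destination, destination port)."""
    hits = Counter()
    for src, dst, dport, ingress in records:
        reason = classify_source(src, ingress)
        if reason:
            hits[(reason, dst, dport)] += 1
    return hits


# Constructed sample records: (source, destination, dest port, ingress interface).
SAMPLE = [
    ("127.0.0.1", "192.0.2.25", 25, "outside"),
    ("127.0.0.1", "192.0.2.25", 25, "outside"),
    ("192.0.2.53", "192.0.2.80", 80, "outside"),    # inside address seen from outside
    ("198.51.100.7", "192.0.2.80", 80, "outside"),  # ordinary inbound traffic
    ("192.0.2.25", "198.51.100.9", 25, "inside"),   # ordinary outbound traffic
    ("127.0.0.9", "192.0.2.53", 53, "outside"),
]

if __name__ == "__main__":
    for (reason, dst, dport), count in summarize(SAMPLE).most_common():
        print(f"{count:>4}  {reason:<26} -> {dst}:{dport}")
```
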