In our site.
Specific host send sync to firewall using port 8081, 8082 constantly
a specific host is 10.1.1.13, 10.1.1.12
but the host is not real host.
we ping to 10.1.1.13, 10.1.1.12. but it doesn't reply our ping request.
So we searched to specific host's mac address in 6509
we lunched show ip arp | inc 10.1.1.13 , but the result didn't show to nothing
In my think. the attack supposed to ip spoofing .
if this attack is ip spoofing. how can i find the host that's flooding ip address, which didn't exist in our network.
is it a worm virus? anyone who suffered like to me?
have a good time.