12-09-2009 11:47 PM
I have RV016 running on 3.0.0.1-tm. I noticed this in my System Log
Dec 10 01:24:58 2009 | Blocked | MAC 00-18-19-xx-xx-xx is in the allowed list, but has wrong IP. |
Dec 10 01:25:01 2009 | Blocked | MAC 00-1f-d0-xx-xx-xx is in the allowed list, but has wrong IP. |
Dec 10 01:25:01 2009 | Blocked | MAC 00-18-19-xx-xx-xx is in the allowed list, but has wrong IP. |
Dec 10 01:25:35 2009 | Blocked | MAC 00-21-e9-xx-xx-xx is in the allowed list, but has wrong IP. |
Dec 10 01:25:35 2009 | Blocked | MAC 00-18-19-xx-xx-xx is in the allowed list, but has wrong IP. |
I checked phisically on both machines (00-18-19-xx-xx-xx and 00-1f-d0-xx-xx-xx) and their IP is correct according to DHCP. Why am I getting this messages?
One of the MAC abve is of my machine that typing this from and its IP is ok.
I do have "Block MAC adress on the list with wrong IP address" selected (only)
Another thing is that I have a tooooons of these. Why is that?
Dec 10 01:41:01 2009 | Blocked - IP Spoofing | UDP x.x.x.101:1900->239.255.255.250:1900 on ixp1 |
Dec 10 01:41:02 2009 | Blocked - IP Spoofing | UDP x.x.x.101:1900->239.255.255.250:1900 on ixp1 |
Dec 10 01:41:02 2009 | Blocked - IP Spoofing | UDP x.x.x.101:1900->239.255.255.250:1900 on ixp1 |
Dec 10 01:41:05 2009 | Blocked - IP Spoofing | UDP x.x.x.101:1900->239.255.255.250:1900 on ixp1 |
Dec 10 01:41:05 2009 | Blocked - IP Spoofing | UDP x.x.x.101:1900->239.255.255.250:1900 on ixp1 |
Dec 10 01:41:08 2009 | Blocked - IP Spoofing | UDP x.x.x.101:1900->239.255.255.250:1900 on ixp1 |
Dec 10 01:41:09 2009 | Blocked - IP Spoofing | UDP x.x.x.101:55831->239.255.255.250:1900 on ixp1 |
Dec 10 01:41:09 2009 | Blocked - IP Spoofing | UDP x.x.x.101:55831->239.255.255.250:1900 on ixp1 |
Dec 10 01:41:12 2009 | Blocked - IP Spoofing | UDP x.x.x.101:55831->239.255.255.250:1900 on ixp1 |
x.x.x.101 is ip of my machine. Please look @ the frequency of these messages.
I think it is the same with latest firmware version 3.0.0.19) but I can't run it since this device becomes very sloow when multicast trafick is going trough it.
There is another post about this here by me describing this
01-04-2011 01:05 AM
I'm running on an RV042, firmware 1.3.12.19-tm, and I'm getting the same errors stating "MAC XX-XX-XX-XX-XX-XX is in the allowed list, but has wrong IP." My logs get filled with these errors. I have confirmed that the correct MAC addresses are entered with the respective IP addresses, but the problem persists.
I also use static addresses on my LAN with the options selected for "Block MAC address on the list with wrong IP address" and "Block MAC address not on the list."
07-26-2011 09:36 AM
We're having the same problem on a network here. A workstation is having the exact same issue:
Jul 26 01:05:44 2011 | Blocked - IP Spoofing | UDP X.X.X.X:1900->239.255.255.250:1900 on ixp1 |
Additionally we're seeing:
Jul 26 10:41:49 2011 | Connection Refused - Policy violation | TCP 74.125.93.104:80->X.X.X.X:64675 on ixp1 |
Would really like some clarification and help resolving these issues as it turns out that the second one results in many websites not being able to be used by the workstation. It's a Mac OS X workstation and is not suspect to any infections nor problems.
07-26-2011 01:17 PM
Hi,
Just reading the logs; the logs show that the router blocked a spoof ip address. It gives the source address and destination; basically ip spoofing is an IP packet with a forged source ip. So if the router sees different forged packets it will block this packet and log this information showing the source and destination. Also when a private address originates though WAN, this is also considered IP spoofing.
For indepth information on IP SPOOFING you can go to link below,
http://en.wikipedia.org/wiki/IP_address_spoofing
The second log shows the router refused a connection based on ACL’s inside the router. Show a tcp packet coming from Public address on port 80 with a destination of X.X.X.X port 64675 on xpi. In default ACL’s all traffic from wan to LAN is blocked unless otherwise specified
.Which table is being displayed (outgoing table or incoming table) some information might vary depending on which log table we are looking at.
Thanks,
Jasbryan
Cisco Support Engineer
.:|:.:|:.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide