We have a PIX device where it are suffering some strange behavior. In the PIX device, we receive large amount of Deny IP spoof messages like this:
%PIX-2-106016: Deny IP spoof from ("Internet IP Address") to 0.0.0.0 on interface DMZ1
The "destination" IP address is always "0.0.0.0" and, as showed in the data info collected from our sniffer and illustrated in the topology, in all cases it is a "SYN" packet and it "seems" that this packet is originating from Local Director devices because through the sniffer we always have seen this packet going from the Local Director toward the PIX device.
We have at least 10 different Internet IP address with the same message ("Deny IP spoof") on the PIX device.
Anyone already suffer this kind of behavior?.