Troubleshoot Firewall IP Spoofing events on our Internal Network

Unanswered Question

I hope this is in the correct category - It involves our LAN and Routing/Troubleshooting.

My experience:

I have 15+ years computer, server and network support experience...but am by no means an expert. I've held my CCNA since 2001, but until the past 6 months, have never supported Cisco products on a full time basis as in my current position.

Our problem:

We have a network comprised of over 100 Cisco switches and routers, mostly utilizing 3750 model switches with approx. 1500 end-user systems in the field. We operate in a WAN environment, spread across approx. 20 miles. We utilize OSPF for routing.

Herein, I am referring to firewall responsibilities of our network.

Recent Firewall logs/reports have shown constant IP Spoofing events from our Firewall occurring on our Internal/LAN interface.

To the best of my ability, I believe some Wireless or other NICs on our network are improperly receiving Microsoft APIPA IP addresses (ie. 169.254.X.X) and as a result, are unable to route within our network - instead directed to our firewall and in turn, creating these unwanted events (hundreds upon hundreds per day).

Posting objective:

I am seeking suggestions/guidance on how I can troubleshoot, isolate and ultimately resolve these instances - if possible. How can I trace/back trace the originating source host of these incorrect IPs and their traffic?

And yes, I do have time to be proactive unlike past time is not too much a concern. However, methodology and isolation approach to resolving this problem is what I need assistance in.

Does anyone here happen to have experience in this or would anyone be able to provide some insight on how I can begin/proceed to troubleshoot this issue, with full access to all Cisco devices, even if it involves Port Mirroring and Packet Sniffing.

Any and all suggestions would be appreciated!.

I wish to thank you in advance for your assistance, as well as attention to my inquiry within!!!!

Kindest Regards.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion