I am having an issue with my 2821 (12.4(11)XW5, CCME 4.2) - it is generating ip spoof alerts on my Sonicwall TZ-170W. Every 12 minutes, my Sonicwall is picking up an IP Spoof from 169.254.98.91, port 138, to 169.254.255.255, port 138. The associated MAC address is my ISR's 0/0 interface. I know this looks like an auto-configuration range (like a Windows machine not getting an IP address) but the ISR is not a DHCP client (however it is a DHCP server on the 0/1 interface). Anyone got any ideas? I unfortunately cannot tell when this started as my firewall's log is filled with these alerts.