Strange Network Traffic from Spoofed IP address.

Unanswered Question
Nov 27th, 2009

Hello All-

     I have been working on an issue for several days now, and I would like some input.  I stubbled upon some strange traffic while setting up a sys log server for my ASA.  I am recieving the following message:

%ASA-4-313005: No matching connection for ICMP error message: icmp src inside: dst inside: (type 3, code 13) on inside interface.  Original IP payload: udp src dst

This message is showing the "foreign IP" of sourced on the inside interface.  I believe that a machine on our LAN is being spoofed with this address.  The destination address of "" is not a vaild address.  We currently have no network.

My first step to track down this machine or machines that is creating this traffic has been:

I have setup the network on a Catalyst 3750 L3 switch.  I have attached a machine with a address and ran Wireshark in hopes to capture the packets in order to view the true source ip address?  I have been unsuccessful in this approach.

Can anyone provide any suggestions?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion