We are running an FWSM - version 4.0(4) - for our campus firewall. Somehow, there are external IPs getting into the local-host table on the inside of our firewall. This, of course, is preventing us from getting to those IPs. Some of these IPs are sites that we really need to get to for business purposes (related off-campus research). Whenever we get a complaint about not being able to get to one of these particular sites, the first thing I do is look in the local-host table and, sure enough, it's in there. I clear it out and that solves the problem until it shows up in the table next time.
This sounds like a serious and subversive DoS attack possibility to me. Why does the firewall allow external IPs in the local-host table in the first place? How can we prevent external IPs from getting into the local-host table?
We are not running any NAT through the firewall.
Alton R. Pouncey, II
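Until the root cause is found, the check the poster does by hand (look in the local-host table for addresses that do not belong on the inside) can be automated. The following is an added example, not code from the original post or from Cisco: it parses captured `show local-host` output and flags inside-interface entries that fall outside the campus address space. The output layout, the interface name `inside` and the campus prefixes are assumptions for the example; adjust them to the real firewall.

```python
import ipaddress
import re

# Address ranges that legitimately belong on the inside interface.
# Hypothetical campus space; an assumption for this example.
INSIDE_PREFIXES = [ipaddress.ip_network("10.0.0.0/8"),
                   ipaddress.ip_network("172.16.0.0/12")]

# Constructed sample output in the general shape of FWSM "show local-host".
# Assumption: real output may differ in detail between software versions.
SAMPLE_OUTPUT = """\
Interface inside: 3 active, 0 maximum active, 0 denied
local host: <10.20.30.40>,
    TCP flow count/limit = 2/unlimited
    TCP embryonic count to host = 0
    UDP flow count/limit = 0/unlimited
local host: <203.0.113.25>,
    TCP flow count/limit = 0/unlimited
    UDP flow count/limit = 1/unlimited
local host: <172.20.1.9>,
    TCP flow count/limit = 1/unlimited
Interface outside: 1 active, 0 maximum active, 0 denied
local host: <198.51.100.7>,
    TCP flow count/limit = 1/unlimited
"""

INTERFACE_RE = re.compile(r"^Interface (\S+):")
HOST_RE = re.compile(r"^local host: <([0-9a-fA-F:.]+)>")

def parse_local_hosts(text):
    """Return (interface, ip_address) tuples from show local-host output."""
    hosts = []
    iface = None
    for line in text.splitlines():
        m = INTERFACE_RE.match(line)
        if m:
            iface = m.group(1)          # subsequent hosts belong to this interface
            continue
        m = HOST_RE.match(line)
        if m and iface is not None:
            hosts.append((iface, ipaddress.ip_address(m.group(1))))
    return hosts

def foreign_inside_hosts(text, inside_iface="inside", prefixes=INSIDE_PREFIXES):
    """Inside-interface entries outside the campus prefixes: the entries that,
    per the post, block reachability to the real external host until cleared."""
    return [str(ip) for iface, ip in parse_local_hosts(text)
            if iface == inside_iface and not any(ip in p for p in prefixes)]
```

Feed it the saved output of `show local-host` from a scheduled capture and alert on a non-empty result; the same list is the set of entries to review before clearing them.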