I have recently began to receive these errors on my ASA 5510. I've done a debug when it occurs but haven't noticed an unusual traffic coming from the internal or external network.
here's the error:
2|May 03 2010|12:04:08|106016|||||Deny IP spoof from (127.0.0.1) to OUR_EXT_IP on interface outside
based on the message. should I be looking on the inside or outside of my fw? This is really the first time i've seen these messages so i'm sorta green to them.
if you need more logs, let me know and i can provide here. thanks for the help!
It could be a virus attack or it could be that someone is trying to compromise the network by sending traffic using a soofed ip address. The best way would be take sniffer so that you could see the MAC address of the faulty machine/source.
Also, if you want to disable this log message, you can do that as well, as follows:
no logging message 106016
This is what syslog# 106016 means for your reference:
And the traffic is coming from the outside interface/external to your network.