we are experiencing an IP-spoofing attack. We have a PIX 515 with 6 interfaces. On the intern interface we receive such error message:
PIX-1-106021: Deny udp reverse path check from 220.127.116.11 to 18.104.22.168 on interface intern
the Unicast RPF is configured on all interfaces.
Is this truely an attack? If yes, is there a chance to identify the MAC address of this IP? With other word, how can I identify the attacker?