PIX keeps logging spoof errors, indicating possible attack or asymmetric routing


Wed, 07/22/2009 - 19:36
Jun 18th, 2009

Core issue

This can be caused by asymmetric routing or an IP spoof attack.


Make sure that there are not multiple paths through which the PIX can be reached. If asymmetric routing is not the cause, then the PIX may be under attack by an IP spoofer.

To stop this type of attack, try the following steps.

1. Configure an access list on the interface under attack to block the IP address.

2. Configure the ip verify reverse-path feature.

3. Contact your ISP and have them block that IP address.
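Why the same spoof error appears for both causes can be seen in a simplified model of a strict reverse-path check. This is an added example, not Cisco code; the routing table, interface names and packets are constructed sample values, and the check logic is an assumed simplification of what ip verify reverse-path does.

```python
import ipaddress

# Constructed routing table: (prefix, interface used to reach it).
ROUTES = [
    ("0.0.0.0/0", "outside"),
    ("10.1.0.0/16", "inside"),
    ("10.2.0.0/16", "dmz"),
]

def best_route(table, addr):
    """Longest-prefix match: return the interface used to reach addr."""
    ip = ipaddress.ip_address(addr)
    matches = [(ipaddress.ip_network(p), ifc) for p, ifc in table
               if ip in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def reverse_path_check(table, src, ingress):
    """Strict check: the route back to src must use the ingress interface."""
    expected = best_route(table, src)
    if expected is None:
        return (False, "no route to source")
    if expected != ingress:
        return (False, f"{src} is routed via {expected}, arrived on {ingress}")
    return (True, "ok")

# Constructed packets: (source address, interface the packet arrived on).
PACKETS = [
    ("10.1.5.20", "inside"),      # inside host on its own interface
    ("198.51.100.7", "outside"),  # Internet host covered by the default route
    ("10.1.5.20", "outside"),     # inside address seen on outside: spoofed
    ("10.2.9.9", "inside"),       # dmz host arriving via inside: asymmetric path
]

def classify(table, packets):
    """Return pass/fail for each packet, in order."""
    return [reverse_path_check(table, s, i)[0] for s, i in packets]

if __name__ == "__main__":
    for src, ifc in PACKETS:
        ok, why = reverse_path_check(ROUTES, src, ifc)
        print(f"{src:15} on {ifc:8} -> {'pass' if ok else 'DROP'} ({why})")
```

The last two packets fail for the same reason, so the check alone cannot tell a spoofed source from a legitimate host on an asymmetric path, which is why the routing has to be ruled out first.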


