PIX keeps logging spoof errors, indicating possible attack or asymmetric routing


Wed, 07/22/2009 - 19:36
Jun 18th, 2009

Core issue

This can be caused by asymmetric routing or an IP spoof attack.

Resolution

Make sure that there are not multiple paths through which the PIX can be reached. If it is not an asymmetric routing issue, then the PIX may be under attack by an IP spoofer.

To stop this type of attack, try the following steps.

1. Configure an access list on the interface under attack to block the IP address.

2. Configure the ip verify reverse-path feature.

3. Contact your ISP and have them block that IP address.
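
Steps 1 and 2 as PIX configuration, shown as an added example that is not part of the original document. The address 192.0.2.10, the ACL name outside_in, the permit entry and the interface names are constructed placeholders.

```cisco
: Constructed values: 192.0.2.10 stands in for the spoofing source,
: "outside" for the interface under attack, "outside_in" for its ACL.

: Step 1: deny the source ahead of the existing permit entries.
: Entries are matched top down, so the deny must come first.
access-list outside_in deny ip host 192.0.2.10 any
: Placeholder for the permit entries already in your policy.
access-list outside_in permit tcp any host 198.51.100.25 eq smtp
access-group outside_in in interface outside

: Step 2: drop packets whose source address has no route back
: through the interface they arrived on.
ip verify reverse-path interface outside
ip verify reverse-path interface inside
```

The reverse-path check also drops legitimate packets that arrive on an interface other than the one the routing table points to for their source, so rule out asymmetric routing before enabling it.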
