Cisco Support Community

Bogus IP addresses on my customer's network

I have been examining some syslog output from an Inside perimeter ASA. He is sending out notifications due to the fact that he does not have a translation group for two addresses, which are 192.168.87.1 and 192.168.108.1 respectively.

These are not valid addresses on our network. We have a Core switch behind the Inside Interface of our Inside Perimeter ASA, and we have VLANs configured in ranges 192.168.1.0 through 192.168.20.0, but nothing beyond that.

I am able to set a sniffer and capture traffic being generated with the 87.1 and 108.1 source addresses in the packets, and it is port 137. Our Windows domain controller gives an answer back to these two addresses with respect to the customer's domain name.

When I perform a sho arp on the ASA, it has no record of 87.1 or 108.1.

Also, I cannot ping the addresses from either the Core switch, which is routing the VLANs, or the ASA.

The sniffer shows the source MAC address, and when I do a sho mac- | inc 84bf, it gives me back all of my VLAN interfaces.

Does anyone have any suggestions as to what I may be able to do to track where these bogus IPs are originating from?

Thanks
