Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Deny IP spoof. . .

Can anyone give me more explanation on the following and is there anything I should be doing?:

<146>Mar 05 2012 11:37:06: %ASA-2-106016: Deny IP spoof from (0.1.0.4) to 0.1.0.4 on interface inside

Go the following from CISCO site:

106016

Error Message    %PIX|ASA-2-106016: Deny IP spoof from (IP_address) to IP_address on 
interface interface_name.

Explanation    The Cisco ASA  discarded a packet with an invalid source address, which may include  one of the following or some other invalid address:

Loopback network (127.0.0.0)

Broadcast  (limited, net-directed, subnet-directed, and all-subnets-directed)

The destination host (land.c)

To further enhance spoof packet detection, use the conduit command to configure the Cisco ASA  to discard packets with source addresses belonging to the internal network. Now that the icmp command has been implemented, the conduit command has been deprecated and is no longer guaranteed to work properly.

Recommended Action    Determine if an external user is trying to compromise the protected network.  Check for misconfigured clients.

Everyone's tags (1)
2 REPLIES

Deny IP spoof. . .

Hello,

The ASA is doing its job, He is seeing a packet with a source ip address of 0.1.0.4, Should this be expected?????

I mean do you have a public subnet like 0.1.0.4 in the inside of your network ( behind the asa) because he is saying traffic from that ip address as a source going to the same ip address so it is kind of a strange situation.

I would say ASA is doing its job but I would need to have the answers of the previous mentioned questions..

Regards,

Julio

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
New Member

Deny IP spoof. . .

We had this exact same problem occur.  This worked for us:   It seems a USB Camera created a new network connection with a description of "Microsoft TV/Video Connection" on one of our PC machines. This connection had an Autoconfiguration IP Address of 0.1.0.4.   We tried to just right-click and disable it, but the system would not let us because it was using some resource.

So, we opened the TCP/IP properties, then the Advanced TCP/IP settings button, and under the DNS tab we unchecked the box for "Register this connection's addresses in DNS" and rebooted. The connection was no longer shown. This seems to have solved the issue.

4691
Views
0
Helpful
2
Replies