Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Spoofing

Hi,

We have installed ASA 5505 in production and getting huge following logs:

(106016) Deny IP spoof from(1.1.1.1) to 2.2.2.2 on interface outside

1.1.1.1 ----Outside Interface IP

2.2.2.2 ----Its a Internal Machine Public IP which is static using in static nat for internal machine.

Please advice, its an attack and what action need to be taken. Ray

3 REPLIES
Community Member

Re: Spoofing

Can anyone respond on this as we are getting same huge logs so I wud request to all experts kindly advice me what to do with it as our production services are being affected. Please advice on priority basis. Thanks Ray

Re: Spoofing

What does your topology look like? It would be much easier to answer I think.

--John

HTH, John *** Please rate all useful posts ***

Re: Spoofing

Per Cisco:

Explanation

This message is generated when a packet arrives at the security appliance interface that has a destination IP address of 0.0.0.0 and a destination MAC address of the security appliance interface. In addition, this message is generated when the security appliance discarded a packet with an invalid source address, which can include one of the following or some other invalid address:

*

Loopback network (127.0.0.0)

*

Broadcast (limited, net-directed, subnet-directed, and all-subnets-directed)

*

The destination host (land.c)

In order to further enhance spoof packet detection, use the icmp command to configure the security appliance to discard packets with source addresses belonging to the internal network. This is because the access-list command has been deprecated and is no longer guaranteed to work correctly.

*Recommended Action: Determine if an external user is trying to compromise the protected network. Check for misconfigured clients.

HTH,

--John

HTH, John *** Please rate all useful posts ***
284
Views
0
Helpful
3
Replies
CreatePlease to create content