Troubleshoot Firewall IP Spoofing events on our Internal Network
I hope this is in the correct category - It involves our LAN and Routing/Troubleshooting.
I have 15+ years computer, server and network support experience...but am by no means an expert. I've held my CCNA since 2001, but until the past 6 months, have never supported Cisco products on a full time basis as in my current position.
We have a network comprised of over 100 Cisco switches and routers, mostly utilizing 3750 model switches with approx. 1500 end-user systems in the field. We operate in a WAN environment, spread across approx. 20 miles. We utilize OSPF for routing.
Herein, I am referring to firewall responsibilities of our network.
Recent Firewall logs/reports have shown constant IP Spoofing events from our Firewall occurring on our Internal/LAN interface.
To the best of my ability, I believe some Wireless or other NICs on our network are improperly receiving Microsoft APIPA IP addresses (ie. 169.254.X.X) and as a result, are unable to route within our network - instead directed to our firewall and in turn, creating these unwanted events (hundreds upon hundreds per day).
I am seeking suggestions/guidance on how I can troubleshoot, isolate and ultimately resolve these instances - if possible. How can I trace/back trace the originating source host of these incorrect IPs and their traffic?
And yes, I do have time to be proactive unlike past positions...so time is not too much a concern. However, methodology and isolation approach to resolving this problem is what I need assistance in.
Does anyone here happen to have experience in this or would anyone be able to provide some insight on how I can begin/proceed to troubleshoot this issue, with full access to all Cisco devices, even if it involves Port Mirroring and Packet Sniffing.
Any and all suggestions would be appreciated!.
I wish to thank you in advance for your assistance, as well as attention to my inquiry within!!!!
Re: Troubleshoot Firewall IP Spoofing events on our Internal Net
The Cisco IOS Firewall feature set combines existing Cisco IOS firewall technology and the new context-based access control (CBAC) feature. When you configure the Cisco IOS Firewall feature set on your Cisco router, you turn your router into an effective, robust firewall.
If you want to know more please click following URL:
We are pleased to announce availability of Beta software for 16.6.3.
16.6.3 will be the second rebuild on the 16.6 release train targeted
towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are
looking for early feedback from customers befor...
Introduction Featured Speakers Luis Espejel is the Telecommunications
Manager of IENova, an Oil & Gas company. Currently he works with Cisco
IOS® and Cisco IOS XE platforms, and NX to some extent. He has also
worked as a Senior Engineer with the Routing P...
In this session you can learn more about Layer 3 multicast and the best
practices to identify possible threats and take security measures. It
provides an overview of basic multicast, the best security practices for
use of this technology, and recommendati...