03-07-2002 10:46 AM - edited 03-08-2019 09:59 PM
I would like to know what this message means on the PIX log.
106016: Deny IP spoof from (255.255.255.255) to 193.10.10.193 on interface inside
Thanks,
dthomaz
03-07-2002 11:24 AM
You will get this message when the PIX discards a packet from an invalid source address.
Check out the PIX manuals at the following link,
http://cisco.com/univercd/cc/td/doc/product/iaabu/pix/index.htm
pick the version that aplies and look at the System Log Message chapter.
You may find the following url useful
03-07-2002 06:29 PM
Read the the message below:
log #106016
Explanation This message is logged when the PIX Firewall discards a packet with an invalid source address. Invalid sources addresses are those addresses belonging to the following:
Loopback network (127.0.0.0)
Broadcast (limited, net-directed, subnet-directed, and all-subnets-directed)
The destination host (land.c)
Furthermore, if sysopt connection enforcesubnet is enabled, PIX Firewall discards packets with a source address belonging to the destination subnet from traversing the PIX Firewall and logs this message.
To further enhance spoof packet detection, use the conduit command to configure the PIX Firewall to discard packets with source addresses belonging to the internal network.
Action
Determine if an external user is trying to compromise the protected network. Check for misconfigured clients.
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v53/syslog/pixemsgs.htm#32161
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide