Packets with foreign destination and source hitting firewall.
Can someone explain this syslog entry? Both of these addresses are foreign to my network. Why would my firewall get a packet destined for 188.8.131.52 when that isn't within our public address range? In fact, how did this packet get past our router, which sits in front of the firewall? Again, neither of these addresses is within our network.
%PIX-3-106011: Deny inbound (No xlate) tcp src outside:184.108.40.206/1066 dst outside:220.127.116.11/80
Re: Packets with foreign destination and source hitting firewall
There are two possible reasons why the packets reach your firewall:
- misconfiguration by your provider
- use of IP options in the header of the IP packets. You can specify in the IP header which path (which routers) the packet should use to reach its final destination. This is used in some kinds of attacks that use IP spoofing.
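
To check a captured packet for the source-routing options mentioned in the reply above, the following added example (not part of the original thread) walks the IPv4 options area and reports any Loose or Strict Source Route option (types 131 and 137 in RFC 791). The sample packets and the function names are constructed for illustration and use documentation address ranges.

```python
import struct

# IPv4 option types that carry a sender-chosen route (RFC 791)
SOURCE_ROUTE_OPTIONS = {131: "LSRR", 137: "SSRR"}

def find_source_route(packet: bytes):
    """Return [(name, pointer, [hop, ...])] for each source-route option found."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4 or ihl < 5 or len(packet) < ihl * 4:
        raise ValueError("not a complete IPv4 header")
    options = packet[20:ihl * 4]      # empty when IHL == 5 (no options)
    found, i = [], 0
    while i < len(options):
        opt_type = options[i]
        if opt_type == 0:             # End of Option List
            break
        if opt_type == 1:             # No-Operation is a single byte
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("option is missing its length byte")
        opt_len = options[i + 1]
        if opt_len < 2 or i + opt_len > len(options):
            raise ValueError("malformed option length")
        if opt_type in SOURCE_ROUTE_OPTIONS:
            if opt_len < 3:
                raise ValueError("source-route option without pointer")
            pointer = options[i + 2]
            data = options[i + 3:i + opt_len]
            hops = [".".join(str(b) for b in data[j:j + 4])
                    for j in range(0, len(data) - len(data) % 4, 4)]
            found.append((SOURCE_ROUTE_OPTIONS[opt_type], pointer, hops))
        i += opt_len
    return found

def build_sample(options: bytes) -> bytes:
    """Constructed test header: TCP, checksum left at 0, options padded to 4 bytes."""
    ihl = 5 + len(options) // 4
    return struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4, 0, 0, 64, 6, 0,
                       bytes([203, 0, 113, 5]), bytes([192, 0, 2, 1])) + options

# Constructed samples: one header with a two-hop LSRR option plus EOL pad, one without options
SAMPLE_LSRR = build_sample(bytes([131, 11, 4, 192, 0, 2, 1, 198, 51, 100, 1, 0]))
SAMPLE_PLAIN = build_sample(b"")

if __name__ == "__main__":
    print(find_source_route(SAMPLE_LSRR))
    print(find_source_route(SAMPLE_PLAIN))
```

On a Cisco IOS router in front of the firewall, `no ip source-route` makes the router discard packets that carry these options.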