[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Chatter on Port 1996
The error "local interface address spoofing" usually indicates a routing loop. Check to see which interface catches the packet, and in what direction. I would guess that the packet is probably generated by the firewall itself, take a look at the source port as well. Mail me if you need more information about this error message. HTH, Michael. -----Original Message----- From: Beckster [mailto:[email protected]] Sent: Friday, December 22, 2000 6:23 PM To: Bob Wallis Cc: [email protected] Subject: Re: [FW1] Chatter on Port 1996 Set up a netcat listener and see what you catch.... ;-) B. > Bob Wallis wrote: > > Weird one for you all... FW-1 on Solaris, 1 Internet connection, 3 > DMZs (Web, WAN, and DNS... mostly just because we can...) > > We're seeing 1800 or so drops per day on port 1996 travelling from one > DMZ interface addresses destined for another interface address. It's > pretty consistent traffic - every half-minute or so. The drop shows > the packet hitting Rule 0 and the reason is "local interface address > spoofing". > > Port 1996 is a Cisco SRB port, but we have no Cisco gear in the DMZs > in question. Furthermore, I disconnected everything from the source > DMZ and **STILL SHE WALKS...** > > Check Point says it's got to be the Solaris box, because "nothing > Check Point does occurs on 1996". Can't imagine what the heck it is. > > Ugh. Has ANYBODY out there seen this before? > > Many Thanks... ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|