[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] Spoofing Issue
All, I have been getting numerous packets on my external interface destined for what would be private subnets. It is being directed at my Hide NAT IP I use for external browsing (which is not the FW IP). Here is a sample: Port Source Destination Service 192.168.27.26 HideNATIP icmp 9827 192.168.19.34 HideNATIP tcp 192.168.168.193 192.168.168.1 icmp 12384 192.168.19.70 HideNATIP tcp 4248 192.168.11.63 HideNATIP tcp 24740 192.168.11.56 HideNATIP tcp You get the picture. My anti-spoofing rules are dropping this traffic but is there an easy (or not so easy) way to determine the real source address? Do I need to place a sniffer on the outside and capture the traffic or can I get this info from the firewall somehow? thanks ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|