Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] Spoofing Issue

To: "'[email protected]'" <[email protected]>
Subject: [FW1] Spoofing Issue
From: Patrick Baird <[email protected]>
Date: Fri, 6 Apr 2001 15:44:53 -0400
Sender: [email protected]

All,

  I have been getting numerous packets on my external interface destined for
what would be private subnets.  It is being directed at my Hide NAT IP I use
for external browsing (which is not the FW IP).

Here is a sample:

Port	Source			Destination	Service
	192.168.27.26		HideNATIP 	icmp
9827	192.168.19.34		HideNATIP 	tcp
	192.168.168.193	192.168.168.1	icmp
12384	192.168.19.70		HideNATIP 	tcp
4248	192.168.11.63		HideNATIP 	tcp
24740	192.168.11.56		HideNATIP 	tcp


You get the picture.  My anti-spoofing rules are dropping this traffic but
is there an easy (or not so easy) way to determine the real source address?
Do I need to place a sniffer on the outside and capture the traffic or can I
get this info from the firewall somehow?


thanks


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: RE: [FW1] Where is the packet evaluated?
Next by Date: [FW1] port 110 to Internal mail server through DMZ
Previous by thread: RE: [FW1] Where is the packet evaluated?
Next by thread: Re: [FW1] Spoofing Issue
Index(es):
- Date
- Thread