Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] local interface address spoofing?

To: [email protected]
Subject: [FW-1] local interface address spoofing?
From: Yanek Korff <[email protected]>
Date: Tue, 20 Nov 2001 15:22:54 -0500
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

I'm getting quite a few logs of the following format:

Type: log
Action: drop
Service: <hiport>
Source: <internal network broadcast address>
Destination: <internal host>
Proto: icmp
Rule: 0
S_Port: 771
Info: reason: local interface address spoofing.

Now, on that interface, I have anti-spoofing set to alert, and even if I set
it to none, the logs still show up.  I do not have any explicit or implicit
rules to allow ICMP.

What's going on here, and how do I stop from having these logged?

-Yanek.

===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================

Prev by Date: Re: [FW-1] Log problem.
Next by Date: Re: [FW-1] Log problem.
Previous by thread: Re: [FW-1] Log problem.
Next by thread: Re: [FW-1] local interface address spoofing?
Index(es):
- Date
- Thread