IP Spoof



  • Hi

    I got this in my firewall event logs:

    2011-10-06 14:42:49 alert IP spoofing! From 10.16.44.11:46767 to 208.83.20.130:6667, proto TCP (zone WebHosting, int ethernet2/1.1). Occurred 1 times.
    2011-10-06 14:42:49 alert IP spoofing! From 212.177.14.19:2506 to 202.188.6.94:514, proto UDP (zone Untrust, int redundant1). Occurred 1 times.

    How does the firewall define spoofing in the logs above?

    I see that both IP 10.16.44.11 and 212.177.14.19 are in zone WebHosting, int ethernet2/1.1 and Untrust, int redundant1 respectively, so how do I know which interface the spoofing comes from? and to which zone/interface it is going to?

    Is the firewall blocking the spoofing traffic? How can I trace from which host it comes from?


 

49
Online

38.4k
Users

12.7k
Topics

44.5k
Posts