zorrox last edited by
I got this in my firewall event logs:
2011-10-06 14:42:49 alert IP spoofing! From 10.16.44.11:46767 to 184.108.40.206:6667, proto TCP (zone WebHosting, int ethernet2/1.1). Occurred 1 times.
2011-10-06 14:42:49 alert IP spoofing! From 220.127.116.11:2506 to 18.104.22.168:514, proto UDP (zone Untrust, int redundant1). Occurred 1 times.
How does the firewall define spoofing in the logs above?
I see that both IP 10.16.44.11 and 22.214.171.124 are in zone WebHosting, int ethernet2/1.1 and Untrust, int redundant1 respectively, so how do I know which interface the spoofing comes from? and to which zone/interface it is going to?
Is the firewall blocking the spoofing traffic? How can I trace from which host it comes from?