Netscreen SSG140 IP spoofing

Netscreen SSG140 IP spoofing
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Networking Firewalls    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Netscreen SSG140 IP spoofing dbitnews@googlemail.com 05-18-2007
Posted by dbitnews@googlemail.com on May 18, 2007, 7:41 am
If you were  Registered and logged in, you could reply and use other advanced thread options
Hello,
I have a Netscreen SSG-140 firewall which is reporting lots of IP
spoofing events in it's logs but I figure out how to stop the alerts
(without just switching them off).

The thing is that the spoofing seems to be coming from the firewall
itself:

"IP Spoofing! From 192.168.10.0:1029 to 192.168.10.202:15868, proto
TCP (zone Untrust, int ethernet0/2). Occured 1 times."

The firewalls Ip is 192.168.10.254 and the .202 address is the DNS
server.
Also the 15868 is the port used by websense which we are using on the
firewall without any problems?

I'm not sure why traffic for the internal LAN is being seen on the
Untrust interface I can't see any problems with the routing tables.

Any ideas of anything I can check?

thanks,
Dave


Posted by Alan Strassberg on May 19, 2007, 12:35 am
If you were  Registered and logged in, you could reply and use other advanced thread options
>Hello,
>I have a Netscreen SSG-140 firewall which is reporting lots of IP
>spoofing events in it's logs but I figure out how to stop the alerts
>(without just switching them off).

        Look under "Screening" in the WebUI. Be sure you're looking
        at the Trust zone. Likely you'll find something to uncheck
        in the Spoof section.

                                        alan

                                        alan

Similar ThreadsPosted
ARP Spoofing July 25, 2006, 7:14 am
IP Spoofing In My IP Range!!! January 20, 2005, 3:53 am
Defending ARP Spoofing November 6, 2005, 9:10 pm
Anti Spoofing on Firewall-1 April 14, 2005, 10:39 am
VPN problems from Linksys WAG54G to Netscreen 208 using netscreen client November 28, 2005, 5:36 pm
Netscreen 5gt vip September 17, 2005, 5:35 pm
VPN over NetScreen 5GT September 27, 2005, 3:05 am
Netscreen with PXE October 27, 2005, 4:45 pm
Netscreen 5GT October 27, 2005, 9:11 am
Netscreen-10 DMZ March 31, 2006, 4:32 am

The site map in XML format XML site map

Contact Us | Privacy Policy