Hi, I am having an issue with aparently valid packets being dropped - Reason: Spoof Attempt
Problem is, they should be fine and I have had to disable 'Discard spoofed packets' in order for the server monitoring software to get a response back - otherwise my server gets rebooted every 5 minutes due to no response.
Wingate firewall hit report:
Time: 23/07/2008 8:45:23 PM
Reason: Spoof Attempt
Source MAC address: 00-1B-D5-XX-05-XX
Destination MAC address: 00-30-48-XX-34-XX
Source IP Address: 10.5.XX.XX : 48769
Destination IP Address: 67.192.XX.XX : 25
Protocol: TCP
TCP flags: S
Time-to-live: 60
Wingate firewall hit report:
Time: 23/07/2008 2:15:06 AM
Reason: Spoof Attempt
Source MAC address: 00-1B-D5-XX-05-XX
Destination MAC address: 00-30-48-XX-34-XX
Source IP Address: 10.5.XX.XX : N/A
Destination IP Address: 67.192.XX.XX : N/A
Protocol: ICMP
Time-to-live: 60
Any suggestions where I should start?
Packet Spoof error?
Moderator: Qbik Staff
2 posts
• Page 1 of 1
Packet Spoof error?
by willtech » Jul 24 08 1:48 pm
1. The Truth is ALWAYS right.
2. If the facts would persuade you otherwise, see 1.
2. If the facts would persuade you otherwise, see 1.
- willtech
- Posts: 34
- Joined: Jun 16 06 10:17 pm
- Location: Victoria, Australia
Re: Packet Spoof error?
by adrien » Jul 28 08 12:23 pm
in WinGate, spoofing means the source address is private and it is received on an external interface.
In your case, with the DMZ being effectively external, but not using public IPs, you'll need to disable the spoof check (which it looks like you've done).
In your case, with the DMZ being effectively external, but not using public IPs, you'll need to disable the spoof check (which it looks like you've done).
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
2 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 20 guests