Skip to main content

IP Spoof

More
18 years 3 months ago #16065 by ramasamy
IP Spoof was created by ramasamy
Hi,

I am getting IP spoof between PIX outside interface and SNMP server which is in Inside network.

Is there any way to find this IP spoofing if so let me know.
More
18 years 3 months ago #16066 by Smurf
Replied by Smurf on topic Re: IP Spoof
Do you mean that you are getting traffic from the internet (outside) to an SNMP Server on your inside network with a spoofed source address ?

Is the spoofed address a private address range that is getting through to your inside network ? If so you should really be doing some RFC1918 filtering on your firewall anyhow. Even though your ISP should be doing this at their edge device its good practice to put into the access list (at the top) a rule to block all private address ranges.

Cheers
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
More
18 years 3 months ago #16115 by ramasamy
Replied by ramasamy on topic Re: IP Spoof
Hi,

No. The SNMP server is in inside network. And we are monitoring the inside interface of PIX. The SNMP server is in UK and we have a Leased Line The SNMP server is having a public IP adress but it is not monitoring through Internet the traffic is coming through the Leased line.

I am getting a IP spoof between the IP address of PIX outside Interface and the SNMP server. Both of them are my IP address and it is a public IP address.
Time to create page: 0.124 seconds