Hi,
We are running "Cisco PIX Firewall Version 6.3(4)"
We are getting huge spikes through our Pix at odd hours of the night and day that last for up to an hour. It show up as hundreds (or even thousands) of this message:
== Apr 17 07:47:30 [66.xx.xx.xx.2.2] Apr 17 2005 07:47:30: %PIX-2-106016: Deny IP spoof from (66.xx.xx.255) to 62.xx.xx.xx on interface inside ==
Our IPs are the 66.xx.xx.xx range and the other IP (62.xx.xx.xx), which is not ours, often changes.
Is this flood of traffic coming from inside or ouside the Pix? I know it says it's getting refused at the inside interface, but it seems unclear to me which direction it came from.
Thanks, Mike