17 years ago
We are running "Cisco PIX Firewall Version 6.3(4)"
We are getting huge spikes through our Pix at odd hours of the night
and day that last for up to an hour. It show up as hundreds (or even
thousands) of this message:
Apr 17 07:47:30 [66.xx.xx.xx.2.2] Apr 17 2005 07:47:30: %PIX-2-106016:
Deny IP spoof from (66.xx.xx.255) to 62.xx.xx.xx on interface inside
Our IPs are the 66.xx.xx.xx range and the other IP (62.xx.xx.xx), which
is not ours, often changes.
Is this flood of traffic coming from inside or ouside the Pix? I know
it says it's getting refused at the inside interface, but it seems
unclear to me which direction it came from.