Hello, I have a Netscreen SSG-140 firewall which is reporting lots of IP spoofing events in it's logs but I figure out how to stop the alerts (without just switching them off).
The thing is that the spoofing seems to be coming from the firewall itself:
"IP Spoofing! From 192.168.10.0:1029 to 192.168.10.202:15868, proto TCP (zone Untrust, int ethernet0/2). Occured 1 times."
The firewalls Ip is 192.168.10.254 and the .202 address is the DNS server. Also the 15868 is the port used by websense which we are using on the firewall without any problems?
I'm not sure why traffic for the internal LAN is being seen on the Untrust interface I can't see any problems with the routing tables.
Any ideas of anything I can check?
thanks, Dave