Netscreen SSG140 IP spoofing

Hello, I have a Netscreen SSG-140 firewall which is reporting lots of IP spoofing events in it's logs but I figure out how to stop the alerts (without just switching them off).

The thing is that the spoofing seems to be coming from the firewall itself:

"IP Spoofing! From 192.168.10.0:1029 to 192.168.10.202:15868, proto TCP (zone Untrust, int ethernet0/2). Occured 1 times."

The firewalls Ip is 192.168.10.254 and the .202 address is the DNS server. Also the 15868 is the port used by websense which we are using on the firewall without any problems?

I'm not sure why traffic for the internal LAN is being seen on the Untrust interface I can't see any problems with the routing tables.

Any ideas of anything I can check?

thanks, Dave

Reply to
dbitnews
Loading thread data ...

Look under "Screening" in the WebUI. Be sure you're looking at the Trust zone. Likely you'll find something to uncheck in the Spoof section.

alan

alan

Reply to
Alan Strassberg

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.