The error "local interface address spoofing" usually indicates a routing loop.
Check to see which interface catches the packet, and in what direction.
I would guess that the packet is probably generated by the firewall itself;
take a look at the source port as well.
Mail me if you need more information about this error message.
HTH,
Michael.
-----Original Message-----
From: Beckster [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 22, 2000 6:23 PM
To: Bob Wallis
Cc: [EMAIL PROTECTED]
Subject: Re: [FW1] Chatter on Port 1996
Set up a netcat listener and see what you catch.... ;-)
B.
> Bob Wallis wrote:
>
> Weird one for you all... FW-1 on Solaris, 1 Internet connection, 3
> DMZs (Web, WAN, and DNS... mostly just because we can...)
>
> We're seeing 1800 or so drops per day on port 1996 travelling from one
> DMZ interface addresses destined for another interface address. It's
> pretty consistent traffic - every half-minute or so. The drop shows
> the packet hitting Rule 0 and the reason is "local interface address
> spoofing".
>
> Port 1996 is a Cisco SRB port, but we have no Cisco gear in the DMZs
> in question. Furthermore, I disconnected everything from the source
> DMZ and **STILL SHE WALKS...**
>
> Check Point says it's got to be the Solaris box, because "nothing
> Check Point does occurs on 1996". Can't imagine what the heck it is.
>
> Ugh. Has ANYBODY out there seen this before?
>
> Many Thanks...
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================