All,

  I have been getting numerous packets on my external interface destined for
what would be private subnets.  It is being directed at my Hide NAT IP I use
for external browsing (which is not the FW IP).

Here is a sample:

Port    Source                  Destination     Service
        192.168.27.26           HideNATIP       icmp
9827    192.168.19.34           HideNATIP       tcp
        192.168.168.193         192.168.168.1   icmp
12384   192.168.19.70           HideNATIP       tcp
4248    192.168.11.63           HideNATIP       tcp
24740   192.168.11.56           HideNATIP       tcp


You get the picture.  My anti-spoofing rules are dropping this traffic but
is there an easy (or not so easy) way to determine the real source address?
Do I need to place a sniffer on the outside and capture the traffic or can I
get this info from the firewall somehow?


thanks

