My gnatbox is created hundreds of log entries with the following:
2002-12-20 08:21:57,0,4,63.X.X.X,UDP,10.10.40.2,137,10.10.20.4,137,FILTER: Possible spoof; return interface dc1 doesn't match arrival interface: warning UDP [10.10.40.2:137]->[10.10.20.4:137] dc3 l=50 2002-12-20 08:21:57,0,4,63.X.X.X,UDP,10.10.40.2,137,10.10.20.4,137,FILTER: Possible spoof; return interface dc1 doesn't match arrival interface: warning UDP [10.10.40.2:137]->[10.10.20.4:137] dc3 l=50 dc1 is our Protected network dc3 is our PSN 10.10.40.2 is a ip address on our protected network. 10.10.20.3 is also on our protected network. If I am reading this right, the gnatbox is saying that a request came from 10.10.40.2 to 10.10.20.4 via dc3 (PSN) and the gnatbox returned it to dc1 (Protected). Is this right? If so, is this saying that a machine on my PSN with an ip address 10.10.40.2 attempted to access a server on my PROTECTED interface? Any help would be appreciated. Thank You, Randy Haley ETBU --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] To subscribe to the digest version first unsubscribe, then e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archive of the last 1000 messages: http://www.mail-archive.com/[email protected]
