Thread: Another anti-spoofing issue
View Single Post
  #1 (permalink)  
Old 2007-05-31
crucial crucial is offline
Member
  
Join Date: 2006-03-24
Posts: 51
Rep Power: 3
crucial has an average reputation (10+)
Default Another anti-spoofing issue
My firewall log is filling up with address spoofing messages from a specific host on our internal network.

The address is x.192.240.10, a DNS server with a public IP on the internal network. This host is repeatedly being blocked by address spoofing when attempting to reach each of the root DNS servers on UDP/53 :

a.root-servers.net
b.root-servers.net
c.root-servers.net
etc

The antispoofing is manually configured on the cluster interface. On the internal interface, the group contains two networks for antispoofing: x.192.192.0/18 and 10.0.0.0/8

There is no NAT being done on this server.

The x.192.192.0/18 group should include the x.192.240.10 host for anti-spoofing. Any help is greatly appreciated. Thanks
Reply With Quote