Weird anti-spoofing issue

Hi all,

I ran into a strange problem involving anti-spoofing. For some reason packets with the same SOURCE IP ADDRESS are coming from TWO DIFFERENT INTERFACES. Initially, packets coming in on the “wrong” interface were subject to anti-spoofing and got dropped (simply because this network WASN’T DEFINED as a network behind this interface).

So, while the customer is trying to figure out why those packets got to the wrong interface in the first place, I simply ADDED THIS NETWORK to the topology (i.e. “behind this interface”). So far, so good, BUT those packets still got dropped?! For some odd reason the gateway is still considering those packets as spoofed, although this network is part of the group representing networks behind this interface.

So, how can it be? My best guess is one of these two:

I. Not only is this network defined as a network behind the RIGHT interface, BUT it is DEFINED ON THE INTERFACE (i.e. the network is 192.168.3.0/24 and the interface has 192.168.3.245). So the gateway maybe considers this network as directly connected, and it’s impossible for those packets to appear on any other interface.

II. Because the packets appear on one interface just after they appeared on another, the gateway has an ARP record which allows it to know on which interface this network is located.

Anyway, what do you think, guys? Packets are still being dropped although the network was defined behind both interfaces.

Any suggestion would be appreciated,
Alex.