Address Spoofing Alert

[DrkNite]

I'm seeing a lot of Address Spoofing Alert in the SmartDefence logs
but not getting a lot of info off of the log file it's self

Number: 499485
Date: 13May2008
Time: 11:00:19
Product: SmartDefense
Attack: Address Spoofing
Origin: gatecontrol
Type: Alert
Action:
Information: cpmad: CPMAD

above is all i'm getting
gatecontrol is the name of my SmartCenter Box
could this be a problem with my cluster servers
we did have a router turned on and put on the same ip as the virtual NIC of the cluster at which time the cluster was rebooted before we found out what had happened. the router was shut down and all was fine again it wasn't till a few days later is saw the alerts in the logs and they have continued ever since

however it it was the cluster I would have expected the error to come from them not smartcenter

[MarioL]

What kind of traffic is causing those errors? The source IP should give you clues as to what it might be.

[DrkNite]

thats the problem I'm not seeing a source address
everything showing in the log i put in the previous post, thats what makes this odd!

[MarioL]

What platforms are you running? That does seem strange.

[DrkNite]

I'm running R65 on

1 two box cluster Gateway
1 single box Gateway
1 smartcenter
All are running SPLAT

[MarioL]

On the "SmartDefense" Policy tab, if you go to "Network Security->Anti Spoofing configuration status", what does it show? Maybe check all the objects individually and make sure all is fine?

[kidem]

I have the same issue.... did u figure yours out? I get like 500 a day

here is my errorAddress Spoofing


SRVR is the Smartcenterserver

Number: 300304
Date: 5Jun2008
Time: 8:31:35
Product: SmartDefense
Attack: Address Spoofing
Origin: SRVR << this is the Smartcenter server
Type: Alert
Action:
Information: cpmad: CPMAD

Any ideas?