CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

#1
2006-06-23
b1tbuck3t
Junior Member
Join Date: 2006-03-29
Posts: 6
Local interface address spoofing

Hello, I am receiving a drop on an HTTP request coming back from www.gotomypc.com. The information tab on the error from the tracker states: "Local interface address spoofing". I am kind of confused why it is triggering on this website/network; all other www requests are normal. It's a Nokia running R55. Any ideas?

Last edited by b1tbuck3t; 2006-06-23 at 14:01.
#2
2006-06-23
RobertGraham
Senior Member
Join Date: 2006-02-02
Posts: 204
Re: Local interface address spoofing

Maybe you could post some info on your config for that interface and the log entry. I'll be glad to post a response on that when I have more information.
#3
2006-06-24
kva.kva
Senior Member
Join Date: 2006-01-26
Location: Moscow, Russia
Posts: 706
Re: Local interface address spoofing

Ensure that all network interfaces are up and running. Which HFA do you use?
#4
2006-06-24
b1tbuck3t
Junior Member
Join Date: 2006-03-29
Posts: 6
Re: Local interface address spoofing

The current config on this box is a two-interface FW: 1 public and 1 private address. The anti-spoofing drop message is being flagged on the inside address/interface (192.x.x.x). For logs I am just using the smart tracker tool; it is accessed through an NT smart management station and triggering/filtering on the destination (www.gotomypc.com) HTTP request.

I was looking at the Topology tab on the local interface and the antispoofing feature is checked and it is set as (internal leads to the local network) and (the specific address is selected (192.x.x.x)). Logging box is also checked.

I also tried specifying a network range for this web address in the rule base to see if I could stop the return HTTP traffic from being blocked as spoofing. It kept getting dropped as spoofed traffic.

HFA in Check Point, is that the hotfix info you are looking for? Can I find that through the SmartDashboard set of tools, or where is the info located on the Nokia Linux box?

What exact logs are you referring to?

Thanks

Last edited by b1tbuck3t; 2006-06-24 at 07:13.
#5
2006-06-26
Lackie
Senior Member
Join Date: 2005-08-22
Location: Ottawa, Canada
Posts: 347
Re: Local interface address spoofing

You shouldn't see the return traffic showing up in the tracker, especially on the internal interface. Looking at the drop in tracker, what direction is the arrow pointing in the interface column? What are the source and destination IPs in that drop?
#6
2006-06-27
melipla
Senior Member
Join Date: 2006-01-25
Posts: 849
Re: Local interface address spoofing

Make sure your SmartDefense isn't enabled for this website:

SmartDefense -> Application Intelligence -> Remote Control Applications -> Block GoToMyPC

HTH