On Thu, 22 Feb 2001, David Loysen wrote:
> The destination address is my mail (exchange) server. The source
> address is sometimes different but always in the 192.168.0.0 range and
> the MAC address is always the same.
the MAC address is always your upstream router's interface that faces you,
i'm willing to wager.
> I am no expert on this stuff but I do know what IP spoofing is. What I
> don't understand is why I'm getting source addresses of 192.168.x.x on
> my WAN / Internet interface that are all from the same MAC but with
> different IP's.
again, your router rewrites the frame (in this case ethernet) and inserts
its own destination MAC address. the IP portions are untouched.
you should investigate better ingress filtering. and while you're at it
egress filtering.
____________________________
jose nazario [EMAIL PROTECTED]
PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
PGP key ID 0xFD37F4E5 (pgp.mit.edu)
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
