Here's one I can't figure out.
We just added a branch office to our WAN and set them up to get to their
mail from our server (Which is on the DMZ) I'm now getting an alarm which
states:
ALARM NO: 1
DATE: Friday, Sep 1, 2000
TIME: 10:22:06
INTERFACE: PRO (fxp2)
ALARM TYPE: Possible spoof
IP PACKET: TCP [10.100.1.10/110]-->[10.29.1.102/1076] l=0 f=0x12
[mail.burns-wilcox.com/110]-->[10.29.1.102/1076]
DETAILED DESCRIPTION:
Return interface for IP packet is different than arrival.
There is a static route from the GB to our WAN router which is:
Index IP Address Netmask Gateway
----- --------------- --------------- ---------------
28 10.29.0.0 255.255.0.0 10.1.1.1
The thing is, we have a few other offices (on different subnets) with the
SAME configuration, doing the same things, and generate no messages. What
should I be looking for?
Signing off,
Joseph C. Bender
Burns & Wilcox, Ltd
<[EMAIL PROTECTED]>
#include <std_disclaimer.h>
My opinions are not that of my employer unless stated otherwise.
