I got the following alarm last night (Real IP's XXXed out:
ALARM NO: 1
DATE: Friday, Aug 4, 2000
TIME: 09:03:46
INTERFACE: EXT (fxp0)
ALARM TYPE: Possible spoof
IP PACKET: TCP [10.20.10.12/80]-->[63.X.X.X/6660] l=0 f=0x11
[10.20.10.12/80]-->[63.X.X.X/6660]
DETAILED DESCRIPTION:
Return interface for IP packet is different than arrival.
The previous day, I had configured static routes for subnets that will be
added soon to our WAN, which are all private addresses, one subnet being
10.20.0.0. Our subnetting is based on RFC1918 for private addressing which
lists 10.0.0.0 as a Class A private subnet.
Is someone out there misconfigured (*or* spoofing), or have I miscalculated?
Signing off,
Joseph C. Bender,
Systems Analyst, Burns & Wilcox, LTD
<[EMAIL PROTECTED]>
248-932-9000
#include <std_disclaimer.h>
My opinions are NOT that of Burns&Wilcox Ltd.
