Re: ip spoofed packets on a LAN, how to identify the source ?



Andre Rodier wrote:
Hello everybody,

I have about five servers behind a Cisco ASA, using local IP addresses, like 192.168.0.0/24, on a switch. The Cisco gives access to internal services using static NAT, by IP/ports.

[snip]

So, it's a local server that send IP spoofed packets, and try to bounce on my server ? Is this thing possible, and if yes, do you know a way to identify the machine. The MAC address of the source packets is false...

It's not a Linux question, but ...

Even if the source MAC is spoofed, too, you can sometimes look in the arp table on your switch (before it expires, so you have to be fast) to see what port is associated with the suspect MAC address.

BTW, if the packet is making it through the ASA, then the source MAC address you see on your server would be the MAC of the ASA. Make sure the MAC you think is spoofed isn't really the ASA.

If you're not the switch admin, then make him your buddy. He might have extra diagnostic tools that can help. It kind of depends on the switch and how much instrumentation your company have around it.
.



Relevant Pages

  • Re: scan for machines in the subnet
    ... (no need to copy MAC addresses between leases files and config files). ... but which port on which switch). ... each manually configured server, ... Our printers change names when a new model is received (which generally ...
    (comp.os.linux.networking)
  • Re: ip spoofed packets on a LAN, how to identify the source ?
    ... like 192.168.0.0/24, on a switch. ... So, it's a local server that send IP spoofed packets, and try to bounce ... The MAC address of the source packets is false... ... BTW, if the packet is making it through the ASA, then the source MAC ...
    (comp.os.linux.security)
  • Re: Apple/Macs for the Army
    ... site is now being served by StarNine's WebSTAR Server Suite software ... Windows NT-based Web server. ... they decided to switch to WebSTAR on the Mac OS. ... The Army's switch was also to move to the WebSTAR Server Suite 4.0, ...
    (comp.sys.mac.advocacy)
  • Re: A cross-platform vision for Delphi
    ... It's not only the hardware and the option of running Windows, Mac OSX ... On the Server side, the licensing issues make running a Linux server ... If I had disposable funds to do so, I'd switch today. ...
    (borland.public.delphi.non-technical)
  • Re: ConnectComputer Problem
    ... I'm a little confused by your network configuration. ... Switch2 --- SBS Server ... switch has internet access all the time, the second switch has the client ... NICs ...
    (microsoft.public.windows.server.sbs)