[c-nsp] OOPS: Fining the host who is spoofing
Dan Lockwood
dlockwood at shastacoe.org
Tue May 24 14:26:19 EDT 2005
Hi all,
We have a few hosts on our network that are spoofing addresses. Our
uRPF configs stop the traffic from spreading off the local subnet but I
would like to track down the offending PC and fix the problem. The
issue that I'm having is that when I log the uRPF violations all I see
is something like:
.May 24 08:56:08.712 PDT: %SEC-6-IPACCESSLOGP: list 133 denied udp
172.16.76.192(0) -> 207.46.130.100(0), 1 packet
Is there some way to cross reference the uRPF violation to something
like a MAC address that can be associated with a device?
Thanks,
Dan
More information about the cisco-nsp
mailing list