[c-nsp] OOPS: Fining the host who is spoofing
Jared Mauch
jared at puck.nether.net
Tue May 24 14:29:52 EDT 2005
On Tue, May 24, 2005 at 11:26:19AM -0700, Dan Lockwood wrote:
> Hi all,
>
> We have a few hosts on our network that are spoofing addresses. Our
> uRPF configs stop the traffic from spreading off the local subnet but I
> would like to track down the offending PC and fix the problem. The
> issue that I'm having is that when I log the uRPF violations all I see
> is something like:
>
> .May 24 08:56:08.712 PDT: %SEC-6-IPACCESSLOGP: list 133 denied udp
> 172.16.76.192(0) -> 207.46.130.100(0), 1 packet
>
> Is there some way to cross reference the uRPF violation to something
> like a MAC address that can be associated with a device?
add 'log-input' to the end of that al 133
- jared
--
Jared Mauch | pgp key available via finger from jared at puck.nether.net
clue++; | http://puck.nether.net/~jared/ My statements are only mine.
More information about the cisco-nsp
mailing list