I have a firewall between my WISP network and the Internet. It is reporting:
01/10/2005 10:12:13.880 - IP spoof dropped - Source:X.Y.Z.4, 123, LAN - Destination:A.B.C.76, 123, WAN - MAC address: 00.0C.42.QQ.RR.SS -
My problem is that the IP and MAC is my Mikrotik router. MT is the first router for the customers and no customer is on the same subnet as the firewall.
There are muliple customers on the AP connected to the MT. What is the easiest way for me to figure out what machine is doing the spoofing.
It sounds like you’re using a SonicWALL Firewall..
First off the sonicwall will deem anything not on its subnet “Spoofed”. You have to add the subnet of your client PC’s in the sonicwall configuration somewhere.. I think its under the NETWORK tab.. I don’t remember..
Yes it is a SonicWall and I added the user subnets but not my admin subnet. I will try that tonight.
Thanks for the help
That took care of it. Thank you.