Hi guys,
I have a little problem, we have a Solaris running Check Point NG FP3,
and everything works fine. However in the logs we get continously (maybe
every 20 seconds or so) a drop log message that says:
Source: localhost
Destination: FW_EXTERNAL_IP_ADDRESS
Source port: http
Action: DROP
Reason: Loopback address spoofing.
I guess what does this log entry means, could be some internal hacker
trying to really spoof the loopback address of the firewall?, or maybe
is just a misconfiugration?. If so, how can I troubleshoot the problem?
I hope you can help me, thanks in advance!
_______________________________
José María Gabaldón
Network Security Engineer
email: jgabaldon AT cybertech.com DOT ve
www.cybertech.com.ve
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
