Mark Pays wrote:
I can see the very same thing happening to one of my firewalls. It looks
like some kind of attempt to spoof the loopback address. Run a tcpdump and
use -e to show ethernet source and dest MAC addresses. (I used tcpdump -n -e
-i eth4c0 host 127.0.0.1). When I did this the packets claiming to be from
127.0.0.1 are actually originating from the internet router MAC address. I
don't think it's of great concern as the firewall is dropping all the
packets but I'd be interested to hear if anyone knows anymore about it
though..
Yes. This has come up on this list many, many times.
http://msgs.securepoint.com/cgi-bin/get/fw1-0312/28/1.html
--
Crist J. Clark crist.clark AT globalstar DOT com
Globalstar Communications (408) 933-4387
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
