I know this is more appropriate to the firewall toolkit users
list, but I just wanted to see if it has anything to do with
the messages about spoofing recently discussed.
I've removed the addresses (except the != addresses) from the
message in order to protect the innocent.
The following are excerpted from our logfile:
Jan 17 11:22:30 xxx netacl[9361]: securityalert: possible spoof
host1.domain.ch/xxx.xxx.xxx.xxx != 232.227.136.0 name lookup mismatch
Jan 17 11:22:39 xxx netacl[9362]: securityalert: possible spoof
host1.domain.ch/xxx.xxx.xxx.xxx != 232.227.136.0 name lookup mismatch
Jan 17 11:22:52 xxx netacl[9363]: securityalert: possible spoof
host1.domain.ch/xxx.xxx.xxx.xxx != 232.227.136.0 name lookup mismatch
Jan 22 20:21:16 xxx netacl[4525]: securityalert: possible spoof
host2.domain.com/yyy.yyy.yyy.yyy != 232.227.136.0 name lookup mismatch
Jan 22 20:21:20 xxx netacl[4526]: securityalert: possible spoof
host2.domain.com/yyy.yyy.yyy.yyy != 232.227.136.0 name lookup mismatch
I did a lookup on the two addresses given (host1 & host2), and they
are correct. I then did a whois on the 232.227.136.0 address and
there is nothing listed for it.
What exactly is this message telling me?
Thanks,
Chris
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Chris Labatt-Simon Internet: labatt @
disaster .
com
Design & Disaster Recovery Consulting CIS: 73542,2601
Albany, New York PHONE: (518) 495-5474
FAX: (518) 432-1829
Subscribe to the Lotus Notes Mailing List (LNOTES-L) - mail for info..
For info on D&D, mail to info @
disaster .
com or http://www.disaster.com
INTERNET/UNIX/NETWARE/LAN/WAN SPECIALISTS AND MORE ALL UNDER ONE ROOF
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
