How do I track down two PCs on the LAN?
Posted on 2008-10-27
In this environment there is a Cisco ASA 5510 which sits between the Corporate LAN and WAN. Within the LAN there is a Nortel Layer 3 switch which handles the internal routing/switching. I have been trying to track down a couple of PCs for some time and have not had any luck in doing so. On a daily basis we are receiving the following syslogs (below). The logs don't concern me all that much considering the events are occurring on the inside interface; however, the higher-ups are getting increasingly impatient to track these PCs down.
Oct 23 2008 13:33:57: %ASA-1-106021: Deny UDP reverse path check from 169.254.70.48 to 22.214.171.124 on interface inside
Oct 27 2008 09:14:23: %ASA-1-106021: Deny TCP reverse path check from 10.87.7.224 to 126.96.36.199 on interface inside
The first system log is most likely a Windows XP PC (169.254.0.0/24) which is trying to synchronize its time with a public time server. From my research, a 169.254.0.0/24 is not routable, so this means the PC should be on the same LAN which is connected to the ASA. I put my laptop on the LAN with a valid IP address and a 169.254.xx.xx and unfortunately have not been able to ping or find the MAC address for 169.254.70.48.
The second system log is a PC with an IP that is outside of the local IP addressing scheme. It's most likely a PC sitting behind a low-end firewall which I cannot ping, tracert, etc. I am not sure as to how to track this PC down.
Any guidance on this would be greatly appreciated,
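
Added example, not part of the original post: a small Python triage of the %ASA-1-106021 messages quoted above that groups the denies by source address and labels each source as link-local, inside a known subnet, or outside the expected addressing. `INSIDE_NETS` is a placeholder assumption (the post does not give the site's subnets), and the third sample line is constructed.

```python
import ipaddress
import re
from datetime import datetime

# Assumption: placeholder for the site's real inside subnets (not given in the post).
INSIDE_NETS = [ipaddress.ip_network("192.168.10.0/24")]

# First two lines are the messages quoted in the post; the third is constructed.
SAMPLE_LOG = """\
Oct 23 2008 13:33:57: %ASA-1-106021: Deny UDP reverse path check from 169.254.70.48 to 22.214.171.124 on interface inside
Oct 27 2008 09:14:23: %ASA-1-106021: Deny TCP reverse path check from 10.87.7.224 to 126.96.36.199 on interface inside
Oct 27 2008 09:20:02: %ASA-1-106021: Deny UDP reverse path check from 169.254.70.48 to 203.0.113.10 on interface inside
"""

RPF_DENY = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2}): %ASA-\d-106021: "
    r"Deny (?P<proto>\S+) reverse path check from (?P<src>\S+) "
    r"to (?P<dst>\S+) on interface (?P<ifc>\S+)"
)

def classify(src, inside_nets=INSIDE_NETS):
    """Label a source address relative to the expected inside addressing."""
    ip = ipaddress.ip_address(src)
    if ip.is_link_local:                      # 169.254.0.0/16, no DHCP lease
        return "link-local"
    if any(ip in net for net in inside_nets):
        return "known-inside"
    return "unknown-subnet"

def summarize(log_text, inside_nets=INSIDE_NETS):
    """Group 106021 denies by source: count, protocols, first/last seen."""
    hosts = {}
    for line in log_text.splitlines():
        m = RPF_DENY.match(line.strip())
        if not m:
            continue                          # ignore unrelated syslog IDs
        ts = datetime.strptime(" ".join(m["ts"].split()), "%b %d %Y %H:%M:%S")
        h = hosts.setdefault(m["src"], {
            "kind": classify(m["src"], inside_nets), "count": 0,
            "protos": set(), "first": ts, "last": ts, "ifc": m["ifc"]})
        h["count"] += 1
        h["protos"].add(m["proto"])
        h["first"], h["last"] = min(h["first"], ts), max(h["last"], ts)
    return hosts

if __name__ == "__main__":
    for src, h in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{src:15} {h['kind']:14} x{h['count']} {sorted(h['protos'])} "
              f"{h['first']} .. {h['last']} on {h['ifc']}")
```

The first/last-seen times per source give the window in which to look for the matching entry in ARP and switch MAC tables.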