SonicWall Alert - Intrusion Prevention - IP spoof dropped
Posted on 2009-05-07
I need help interpreting this alert log coming from my Firewall. I need to figure out what this Intrusion Prevention is.
At least 20 of these per hour:
Time: 05/07/2009 11:26:03
Category: Intrusion Prevention
Message: IP spoof dropped
Source: 169.254.99.56, 137, LAN
Destination: 10.83.32.8, 137, WAN, ws100098.bcr.local
Notes: MAC address: 00:02:b3:d8:bd:a2
This SonicWall is connected via site-to-site VPN to another office.
Local Network: 10.81.0.1 / 255.255.0.0
Remote Network via site-to-site VPN: 10.83.0.1 / 255.255.0.0
Please correct me if I'm wrong, but for now, my interpretation of this is that we have a machine on our LAN with IP 169.254.99.56, trying to communicate with another machine in our remote office with IP 10.83.32.8.
How do I locate this local machine with this 169.xx.xx.xx IP address, and why is it being treated as an intrusion??