• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 490
  • Last Modified:

Spoofed source address in wg firewall log

Scenario same machine with WG Fb100 mgnt console one nic card with static IP:
nbtstat -a "servername" shows a node using the spoofed address 169.254.65.133 for "lan address 2", which doesnt' exist when you look under nw connections.  Both the real IP and spoofed address info displayed reflect the same IP address.  The machine on ly has one nic card.  RRAS and any other service I can think of that could relate to this disabled/not running.  Machine is server 2k2.   WG example below of logged spoofed.  I'm not sure how else to troublehsoot this.  THe machine is running acronis mgmt console as well as vmware converter and a smtp service for avya unified messging sytem.  The entries were numerous in the firewall this a.m. and our internet slows down, but all the sudden stopped.   Any suggestion of where else on board to post this question, also, plese let me know.  
spoofed.bmp
0
dee30
Asked:
dee30
1 Solution
 
Mohamed OsamaSenior IT ConsultantCommented:
Are you sure this is not related to perhaps VMWARE virtual NAT / NIC settings ?
 
0
 
jahboiteCommented:
On the one hand, I would say that the source IP address looks like an APIPA configured address and would hint that the machine in question was unable to contact your DHCP server for a proper IP address (read more about APIPA at http://blogs.technet.com/networking/archive/2009/01/29/dhcp-client-behavior.aspx).

On the other hand, it seems mighty suspicious that the source would contact hosts on the internet via UDP 137 (NETBIOS Name Service)
0
 
jfer0x01Commented:
not necessarily,

enabling TCP/IP over Netbios can also cause this, it's essential for Exchange and other MSost apps in some cases

the ip range is apipa

Jfer
0
 
dee30Author Commented:
You're right about the netbios explanation on the UDP 137 port, while I haven't completely resolved the issue(s), so far.  Accepting and closing question, though.  Thx
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

NEW Internet Security Report Now Available!

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out this quarters report on the threats that shook the industry in Q4 2017.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now