Solved

Spoofed source address in wg firewall log

Posted on 2009-06-30
4
476 Views
Last Modified: 2013-11-16
Scenario same machine with WG Fb100 mgnt console one nic card with static IP:
nbtstat -a "servername" shows a node using the spoofed address 169.254.65.133 for "lan address 2", which doesnt' exist when you look under nw connections.  Both the real IP and spoofed address info displayed reflect the same IP address.  The machine on ly has one nic card.  RRAS and any other service I can think of that could relate to this disabled/not running.  Machine is server 2k2.   WG example below of logged spoofed.  I'm not sure how else to troublehsoot this.  THe machine is running acronis mgmt console as well as vmware converter and a smtp service for avya unified messging sytem.  The entries were numerous in the firewall this a.m. and our internet slows down, but all the sudden stopped.   Any suggestion of where else on board to post this question, also, plese let me know.  
spoofed.bmp
0
Comment
Question by:dee30
4 Comments
 
LVL 23

Expert Comment

by:Admin3k
ID: 24746870
Are you sure this is not related to perhaps VMWARE virtual NAT / NIC settings ?
 
0
 
LVL 12

Expert Comment

by:jahboite
ID: 24753443
On the one hand, I would say that the source IP address looks like an APIPA configured address and would hint that the machine in question was unable to contact your DHCP server for a proper IP address (read more about APIPA at http://blogs.technet.com/networking/archive/2009/01/29/dhcp-client-behavior.aspx).

On the other hand, it seems mighty suspicious that the source would contact hosts on the internet via UDP 137 (NETBIOS Name Service)
0
 
LVL 9

Accepted Solution

by:
jfer0x01 earned 500 total points
ID: 24800151
not necessarily,

enabling TCP/IP over Netbios can also cause this, it's essential for Exchange and other MSost apps in some cases

the ip range is apipa

Jfer
0
 

Author Closing Comment

by:dee30
ID: 31598386
You're right about the netbios explanation on the UDP 137 port, while I haven't completely resolved the issue(s), so far.  Accepting and closing question, though.  Thx
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
why neglected? 3 64
Best firewall recommendation 12 169
Firewall connection 10 66
Sonicwall tz215 internet speed slow  help 56 540
This article summarizes using a simple matrix to map the different type of phishing attempts and its targeted victims. It also run through many scam scheme scenario with "real" phished emails. There are safeguards highlighted to stay vigilance and h…
SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

947 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now