[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 489
  • Last Modified:

Spoofed source address in wg firewall log

Scenario same machine with WG Fb100 mgnt console one nic card with static IP:
nbtstat -a "servername" shows a node using the spoofed address 169.254.65.133 for "lan address 2", which doesnt' exist when you look under nw connections.  Both the real IP and spoofed address info displayed reflect the same IP address.  The machine on ly has one nic card.  RRAS and any other service I can think of that could relate to this disabled/not running.  Machine is server 2k2.   WG example below of logged spoofed.  I'm not sure how else to troublehsoot this.  THe machine is running acronis mgmt console as well as vmware converter and a smtp service for avya unified messging sytem.  The entries were numerous in the firewall this a.m. and our internet slows down, but all the sudden stopped.   Any suggestion of where else on board to post this question, also, plese let me know.  
spoofed.bmp
0
dee30
Asked:
dee30
1 Solution
 
Mohamed OsamaSenior IT ConsultantCommented:
Are you sure this is not related to perhaps VMWARE virtual NAT / NIC settings ?
 
0
 
jahboiteCommented:
On the one hand, I would say that the source IP address looks like an APIPA configured address and would hint that the machine in question was unable to contact your DHCP server for a proper IP address (read more about APIPA at http://blogs.technet.com/networking/archive/2009/01/29/dhcp-client-behavior.aspx).

On the other hand, it seems mighty suspicious that the source would contact hosts on the internet via UDP 137 (NETBIOS Name Service)
0
 
jfer0x01Commented:
not necessarily,

enabling TCP/IP over Netbios can also cause this, it's essential for Exchange and other MSost apps in some cases

the ip range is apipa

Jfer
0
 
dee30Author Commented:
You're right about the netbios explanation on the UDP 137 port, while I haven't completely resolved the issue(s), so far.  Accepting and closing question, though.  Thx
0

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now