ip spoof

I just started to see these in our logs

Source       Destination                                  Cisco Event        Result
0.14.2.10    X.X.X.X one of our public IP's 106016             Deny IP spoof

There have been 10 in the last few mins but different source IP's starting with 0.

Excuse my ignorance but what does it mean when the IP address starts from 0.?

Many Thanks!
Farmerbob212Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Dave BaldwinFixer of ProblemsCommented:
0.x.x.x is a reserved block that is not available for public use.  http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xml  It belongs to the Internet Assigned Numbers Authority (IANA).
0
Farmerbob212Author Commented:
So if it is a private IP is it coming from within the network? I usually see (inside-network) 192.168.x.x
0
Dave BaldwinFixer of ProblemsCommented:
Yes but 0.14.2.10 is not a 'private IP'.  It is in a reserved block for the Internet Assigned Numbers Authority (IANA) and you should never see it.   I don't know how they are managing to spoof that IP address.  I think it takes some low level programming to do that.
0
Rich RumbleSecurity SamuraiCommented:
You can spoof the src with a variety of programs, nmap being one of he easiest, it's already built-in. Spoofing isn't very effective outside of UDP. You should have bogons being denied, that's all of RFC 1918 (10.x.x.x, 192.168.x.x, 172.16.x.x) as well as others you don't want:
http://www.cisco.com/web/about/security/intelligence/firewall-best-practices.html#_Toc332806011
https://supportforums.cisco.com/document/12013356/implementing-anti-spoofing-access-list
It's typically nothing to worry about, especially in the TCP protocol.
-rich
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Farmerbob212Author Commented:
thank you very much for the advice!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Cisco

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.