Printable View
I was checking my SonicWall log, and this turned up:
05/03/2004 18:07:28.048 FTP: PASV response spoof attack dropped
Source: 192.165.218.22, 21, WAN
Destination: 192.168.1.33, 3443, LAN
So what appears to be going on here? Is someone trying to spoof me?
is just ur firewall alerting u that an attack was detect and defeated. i advise u to ignore, since there are tons of attacks per second and its is impossible to seek out each one (except maybe is it is reocurring)
Here is a great resource. Should answer all of your questions.
http://www.sonicwall.com/services/pd...events_ref.pdf
*IP Spoof Detected - A packet with a source IP address and arriving at an interface that conflicts with the SonicWALL route table was detected and rejected by the SonicWALL.
Don't fret unless you can put it together with other attacks, false positives are a dime a dozen.
Don't fret unless you can put it together with other attacks, false positives are a dime a dozen.
Thanks InfoTech, that's exactly what I needed.
Well, it turns out it was our other tech guru who was the FTP that was blocked out, so all is well. That was a good lesson in log analysis nonetheless.
Thanks InfoTech, that's exactly what I needed.
Well, it turns out it was our other tech guru who was the FTP that was blocked out, so all is well. That was a good lesson in log analysis nonetheless.