Spoofing

  • From: John Burridge <j.burridge@xxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 12 Mar 2002 13:03:07 -0000

Hi,

My ISA server is sending an alert as follows

ISA Server detected a spoof attack from Internet Protocol (IP) address
10.34.251.1. A spoof attack occurs when an IP address that is not reachable
via the interface on which the packet was received. If logging for dropped
packets is set, you can view details in the packet filter log.

If I understand this, someone is trying to pretend to be on my internal
network. 

Firstly, am I right in assuming ISA will just drop this packet.

Secondly, how is someone spoofing a private IP range? I.e. I thought that an
external router would discard any packet with a reserved address range.


Cheers,
John


Other related posts:

  • » Spoofing