From: Scott Gifford (sgiffordtir.com)
Date: Wed Oct 03 2001 - 11:43:55 CDT

    Adam Shephard <adam.shephardfirstfederalbanking.com> writes:

    > Hey all,
    >
    > I'm hoping somebody can give me an honest, "don't worry, it's nothing" kind
    > of answer but I don't really see that happening.
    >
    > This weekend I started getting entries in my FW logs indicating that
    > outbound packets were denied. The addresses were spoofed - all either 172. or
    > 10.. This happens every day starting a couple of minutes before noon and
    > goes on for 15 minutes exactly. During that time I get between 80 and 100
    > entries, all denied (I log allows too). Then it stops until the next day.

    [...]

    Since the weird packets come at predictable times and are coming from
    inside your network, try running tcpdump while it's happening. That
    should give you more detail as to what's going on, and hopefully an
    Ethernet address, which should help you track down what's sending
    these packets.

    ----ScottG.
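
The capture suggested in the reply above, as an added example that is not part of the original message: it runs tcpdump with Ethernet headers during the window and tallies source MAC addresses for frames whose IP source starts with 10. or 172. The interface name, the 20-minute duration, the function names and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread). Function names are hypothetical.

# Capture on the inside segment shortly before the daily window opens.
# Assumptions: interface eth0, a 20-minute capture, legitimate hosts not using
# 10.x or 172.x source addresses.
capture_window() {
    iface="${1:-eth0}"
    # -e prints the Ethernet header, -n skips name lookups, -l line-buffers.
    timeout 1200 tcpdump -e -n -l -i "$iface" \
        'src net 10.0.0.0/8 or src net 172.0.0.0/8'
}

# Read `tcpdump -e -n` text on stdin and count frames per source MAC whose IP
# source starts with 10. or 172. (untagged Ethernet frames assumed).
summarize_src_macs() {
    awk '
    {
        for (i = 1; i < NF - 1; i++) {
            if ($i == "length") {        # link-level length; IP source follows
                if ($(i + 2) ~ /^(10|172)\./) count[$2]++
                break
            }
        }
    }
    END { for (mac in count) print count[mac], mac }
    ' | sort -rn
}

# Constructed sample output, standing in for a real capture.
sample_capture() {
    cat <<'EOF'
11:58:01.100001 00:50:56:aa:bb:01 > 00:00:5e:00:01:01, ethertype IPv4 (0x0800), length 74: 10.44.7.9.1034 > 198.51.100.20.80: Flags [S], seq 1, win 512, length 0
11:58:01.200002 00:50:56:aa:bb:01 > 00:00:5e:00:01:01, ethertype IPv4 (0x0800), length 74: 172.9.3.1.1035 > 198.51.100.20.80: Flags [S], seq 2, win 512, length 0
11:58:02.300003 00:50:56:aa:bb:02 > 00:00:5e:00:01:01, ethertype IPv4 (0x0800), length 74: 192.0.2.15.40000 > 198.51.100.20.443: Flags [S], seq 3, win 512, length 0
11:58:02.400004 00:50:56:aa:bb:03 > 00:00:5e:00:01:01, ethertype IPv4 (0x0800), length 74: 10.200.1.1.1036 > 198.51.100.20.80: Flags [S], seq 4, win 512, length 0
11:58:03.500005 00:50:56:aa:bb:01 > 00:00:5e:00:01:01, ethertype IPv4 (0x0800), length 74: 10.3.3.3.1037 > 198.51.100.20.80: Flags [S], seq 5, win 512, length 0
EOF
}

# Live use: capture_window eth0 | summarize_src_macs
sample_capture | summarize_src_macs
```

The MAC address with the highest count is the one to trace back to a host.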