This is my 4th week at a new job. I'm walking into a somewhat hodgepodge network. The original IT manager set up a bunch of domains. Like an unnecessary amount. It caused many problems, but my predecessor cleaned up as much as possible before I got here.
My sonicfire wall is getting the following message:
11/25/2003 11:43:25.560 IP spoof detected 192.168.1.219, 137, LAN 149.85.92.28, 137, WAN MAC address: 00.10.4B.15.20.BB
Internally we use a 192.168.2.X. Perhaps way back when they used .1. The 149.85.92.28 is the old internal address of our PDC. I know that it is also a qualified external address, but the IT person who set it up pulled the machines from another location and just left the IP scheme intact and internally NATed that IP scheme. From what I've heard, that caused all sorts of problems.
The MAC address traces to an internal machine that uses the IP 192.168.2.47.
We also have an India office with a direct T1 connection.
Every 8 minutes or so I get an IP spoof warning. How can I trace it? Any suggestions would be appreciated.
Mike