Menu
▾
▴
#578 IP Spoof messages from firewall
AWSTATS VERSION (no support for older versions than 3.0 and beta versions):
3.2 (build 84)
OS (Windows/Unix) + VERSION : Windows NT4
WEB SERVER NAME (IIS/Apache/...) + VERSION : IIS4
PERL INTERPRETER NAME + VERSION (if known) : ActiveState
If your site is online, give your awstats URL: http://www.tbri.com/stats/cgi-
bin/awstats.pl
Your problem description :
Would there be any reason we are getting "IP spoof detected" messages from
our firewall (SonicWall) when the awstats.pl script is run. The message is:
01/08/2002 05:07:12.768 -
IP spoof detected -
Source:146.115.100.100, 137, DMZ -
Destination:170.252.80.2, 137, WAN -
MAC address: 00.B0.D0.20.3A.9F -
We get these once per hour, which coincides with when the perl script is run on
the server. The "Destination" IP address will change on each message, but all
other "fields" will remain the same.
Note: our web server, which is behind a firewall, has three NIC cards,
the "Source" address above is one of them.
Thanks much!
Logged In: YES
user_id=53583
I doubt very much that AWStats is generating these errors. The only
traffic awstats.pl should be generating are reverse lookups from the
gethostbyaddr() calls. You should only being seeing traffic to your DNS
from awstats.pl.
I would suggest running awstats.pl with an update
from the command-line and seeing if the errors occur at that time.
Logged In: YES
user_id=96898
Yes, this is caused by reverse DNS lookup.
You can disable it with DNSLookup=0 option.
Logged In: YES
user_id=96898
Yes, this is caused by reverse DNS lookup.
You can disable it with DNSLookup=0 option.
Logged In: YES
user_id=96898
Yes, this is caused by reverse DNS lookup.
You can disable it with DNSLookup=0 option.