#578 IP Spoof messages from firewall

closed
None
6
2012-10-11
2002-01-08
Anonymous
No

AWSTATS VERSION (no support for older versions than 3.0 and beta versions):
3.2 (build 84)
OS (Windows/Unix) + VERSION : Windows NT4
WEB SERVER NAME (IIS/Apache/...) + VERSION : IIS4
PERL INTERPRETER NAME + VERSION (if known) : ActiveState
If your site is online, give your awstats URL: http://www.tbri.com/stats/cgi-
bin/awstats.pl

Your problem description :
Would there be any reason we are getting "IP spoof detected" messages from
our firewall (SonicWall) when the awstats.pl script is run. The message is:
01/08/2002 05:07:12.768 -
IP spoof detected -
Source:146.115.100.100, 137, DMZ -
Destination:170.252.80.2, 137, WAN -
MAC address: 00.B0.D0.20.3A.9F -

We get these once per hour, which coincides with when the perl script is run on
the server. The "Destination" IP address will change on each message, but all
other "fields" will remain the same.

Note: our web server, which is behind a firewall, has three NIC cards,
the "Source" address above is one of them.

Thanks much!

Discussion

  • Forrest R. Stevens

    Logged In: YES
    user_id=53583

    I doubt very much that AWStats is generating these errors. The only
    traffic awstats.pl should be generating are reverse lookups from the
    gethostbyaddr() calls. You should only being seeing traffic to your DNS
    from awstats.pl.

    I would suggest running awstats.pl with an update
    from the command-line and seeing if the errors occur at that time.

     
  • Laurent Destailleur (Eldy)

    Logged In: YES
    user_id=96898

    Yes, this is caused by reverse DNS lookup.
    You can disable it with DNSLookup=0 option.

     
  • Laurent Destailleur (Eldy)

    Logged In: YES
    user_id=96898

    Yes, this is caused by reverse DNS lookup.
    You can disable it with DNSLookup=0 option.

     
  • Laurent Destailleur (Eldy)

    Logged In: YES
    user_id=96898

    Yes, this is caused by reverse DNS lookup.
    You can disable it with DNSLookup=0 option.

     

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.





No, thanks