linux
Konstantin, 2014-11-27 11:24:06

There are a lot of anti-spoofing alerts in the Kerio log with wifi, what's the problem?

Hi all.
The essence is this: there is a network that goes to the outside world through Kerio Control, with network equipment between everything: HP-1910 switches and an external Cisco 2921 router. We decided to put in a new wifi from Ubiquiti (UniFi AP) with a software controller on Ubuntu.
After creating a virtual machine on ESXi with an Ubuntu server (the controller is installed there) and turning on the wifi network controller in the VLAN, logs begin to pour into Kerio (without VLANs it is the same, only the subnet is different):

[27/Nov/2014 10:22:37] Anti-spoofing: Packet from LAN, proto:ICMP, len:84, 192.168.10.100 -> 192.168.10.2, type:8 code:0 id:1268 seq:36326 ttl:64
[27/Nov/2014 10:22:38] Anti-spoofing: Packet from LAN, proto:ICMP, len:84, 192.168.10.100 -> 192.168.10.2, type:8 code:0 id:1268 seq:36327 ttl:64
[27/Nov/2014 10:22:39] Anti-spoofing: Packet from LAN, proto:ICMP, len:84, 192.168.10.100 -> 192.168.10.2, type:8 code:0 id:1268 seq:36328 ttl:64
[27/Nov/2014 10:22:40] Anti-spoofing: Packet from LAN, proto:ICMP, len:84, 192.168.10.100 -> 192.168.10.2, type:8 code:0 id:1268 seq:36329 ttl:64
[27/Nov/2014 10:22:41] Anti-spoofing: Packet from LAN, proto:ICMP, len:84, 192.168.10.100 -> 192.168.10.2, type:8 code:0 id:1268 seq:36330 ttl:64
[27/Nov/2014 10:22:42] Anti-spoofing: Packet from LAN, proto:ICMP, len:84, 192.168.10.100 -> 192.168.10.2, type:8 code:0 id:1268 seq:36331 ttl:64

In addition to ICMP, there is also UDP. A similar example is below.
After disconnecting the controller from the network, this begins:
[27/Nov/2014 11:17:51] Anti-spoofing: Packet from LAN, proto:UDP, len:69, 169.254.150.40:50526 -> 192.168.99.5:53, udplen:41
[27/Nov/2014 11:17:52] Anti-spoofing: Packet from LAN, proto:UDP, len:69, 169.254.150.40:50526 -> 192.168.99.12:53, udplen:41
[27/Nov/2014 11:17:55] Anti-spoofing: Packet from LAN, proto:UDP, len:69, 169.254.150.40:50526 -> 192.168.99.12:53, udplen:41
[27/Nov/2014 11:17:55] Anti-spoofing: Packet from LAN, proto:UDP, len:69, 169.254.150.40:50526 -> 192.168.99.5:53, udplen:41
[27/Nov/2014 11:17:55] Anti-spoofing: Packet from LAN, proto:UDP, len:69, 169.254.150.40:50526 -> 192.168.99.12:53, udplen:41
[27/Nov/2014 11:17:59] Anti-spoofing: Packet from LAN, proto:UDP, len:69, 169.254.150.40:50526 -> 192.168.99.5:53, udplen:41

How do I find out what the problem is and who exactly is the source of it? Please point me in the right direction.
The Kerio alert logs start to disappear when I delete the virtual interface on ESXi. I don't understand why, when the network is turned off on a virtual machine, it tries to send UDP packets to servers in 192.168.99.0/24, BUT tcpdump on the same virtual machine is silent.
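
To see which hosts generate the alerts, lines in the format quoted above can be grouped by source address. This is an added example, not part of the original post or of Kerio's own tooling; `summarize` and `SAMPLE_LOG` are names introduced here, and the regular expression assumes only the two line shapes shown in the question.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Sample input: four lines in the shape of the alert log quoted in the question.
SAMPLE_LOG = """\
[27/Nov/2014 10:22:37] Anti-spoofing: Packet from LAN, proto:ICMP, len:84, 192.168.10.100 -> 192.168.10.2, type:8 code:0 id:1268 seq:36326 ttl:64
[27/Nov/2014 10:22:38] Anti-spoofing: Packet from LAN, proto:ICMP, len:84, 192.168.10.100 -> 192.168.10.2, type:8 code:0 id:1268 seq:36327 ttl:64
[27/Nov/2014 11:17:51] Anti-spoofing: Packet from LAN, proto:UDP, len:69, 169.254.150.40:50526 -> 192.168.99.5:53, udplen:41
[27/Nov/2014 11:17:52] Anti-spoofing: Packet from LAN, proto:UDP, len:69, 169.254.150.40:50526 -> 192.168.99.12:53, udplen:41
"""

# Ports are optional: ICMP lines carry bare addresses, UDP lines carry ip:port.
LINE_RE = re.compile(
    r"\[(?P<ts>[^\]]+)\] Anti-spoofing: Packet from (?P<iface>[^,]+), "
    r"proto:(?P<proto>\w+), len:\d+, "
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))? -> (?P<dst>[\d.]+)(?::(?P<dport>\d+))?"
)

def summarize(log_text):
    """Group anti-spoofing alerts by (interface, source IP, protocol)."""
    groups = defaultdict(lambda: {"count": 0, "dsts": set(), "first": None, "last": None})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an anti-spoofing alert line
        ts = datetime.strptime(m["ts"], "%d/%b/%Y %H:%M:%S")
        g = groups[(m["iface"], m["src"], m["proto"])]
        g["count"] += 1
        g["dsts"].add(m["dst"] + (":" + m["dport"] if m["dport"] else ""))
        g["first"] = ts if g["first"] is None else min(g["first"], ts)
        g["last"] = ts if g["last"] is None else max(g["last"], ts)
    report = []
    for (iface, src, proto), g in sorted(groups.items()):
        report.append({
            "iface": iface, "src": src, "proto": proto, "count": g["count"],
            "dsts": sorted(g["dsts"]), "first": g["first"], "last": g["last"],
            # 169.254.0.0/16 is self-assigned by a host that has no DHCP lease (RFC 3927)
            "link_local": ipaddress.ip_address(src).is_link_local,
        })
    return report

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row)
```

A row with `link_local` set to true points at a host that configured itself without a DHCP lease, and the `first`/`last` timestamps can be matched against when interfaces were connected or removed.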


1 answer(s)
Michael, 2014-12-05
@DyadyaMisha

You need to look at the network settings.
Can't figure it out without a network diagram.
