Netscreen SSG140 IP spoofing

on 18.05.2007 13:41:43 by dbitnews

Hello,
I have a Netscreen SSG-140 firewall which is reporting lots of IP
spoofing events in its logs but I figure out how to stop the alerts
(without just switching them off).

The thing is that the spoofing seems to be coming from the firewall
itself:

"IP Spoofing! From 192.168.10.0:1029 to 192.168.10.202:15868, proto
TCP (zone Untrust, int ethernet0/2). Occured 1 times."

The firewall's IP is 192.168.10.254 and the .202 address is the DNS
server.
Also the 15868 is the port used by Websense which we are using on the
firewall without any problems?

I'm not sure why traffic for the internal LAN is being seen on the
Untrust interface; I can't see any problems with the routing tables.

Any ideas of anything I can check?

thanks,
Dave

Re: Netscreen SSG140 IP spoofing

on 19.05.2007 06:35:38 by paleale

In article <1179488503.195682.97600@q23g2000hsg.googlegroups.com>,
dbitnews@googlemail.com wrote:
>Hello,
>I have a Netscreen SSG-140 firewall which is reporting lots of IP
>spoofing events in its logs but I figure out how to stop the alerts
>(without just switching them off).

Look under "Screening" in the WebUI. Be sure you're looking
at the Trust zone. Likely you'll find something to uncheck
in the Spoof section.

alan