| Message Code | PIX-2-106016 |
| Severity | Critical |
| Description | Deny IP spoof from (IP_address) to IP_address on interface interface_name. |
| Explanation | The Cisco ASA discarded a packet with an invalid source address, which may include one of the following or some other invalid address: • Loopback network (127.0.0.0) • Broadcast (limited, net-directed, subnet-directed, and all-subnets-directed) • The destination host (land.c) To further enhance spoof packet detection, use the conduit command to configure the Cisco ASA to discard packets with source addresses belonging to the internal network. Now that the icmp command has been implemented, the conduit command has been deprecated and is no longer guaranteed to work properly. |
| User Action | Determine if an external user is trying to compromise the protected network. Check for misconfigured clients. |
| Reference Links |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.