IMC
cancel
Showing results for 
Search instead for 
Did you mean: 

IMC pinging with a spoofed source IP?

 
RudyW
Occasional Advisor

IMC pinging with a spoofed source IP?

My installation of IMC v7 is sitting on my lab network, which is separated from my production wired and wireless networks by a firewall. I have found some odd behavior coming from IMC--it is sending a ping to an IP address on a wired, production segment with a source IP address that is not its own.

 

The IP address of the IMC server is 10.10.42.42. It is pinging through the fierewall to the WLAN controller (IP address 10.9.0.10). Oddly enough, the firewall (and Wireshark) are seeing IMC send the pings to 10.9.0.10 with the source IP address of 10.9.0.254. No such IP address exists on the 10.9.0.0/24 subnet.

 

Naturally, the firewall classifies this as an attack since it fits IP spoofing criteria. Has anyone else seen this behavior?

1 REPLY
LindsayHill
Honored Contributor

Re: IMC pinging with a spoofed source IP?

Go to System -> System Configuration -> System Settings.

Find "Enable Forged Ping Packets", and set it to No. Click OK.

It's used to try and improve discovery accuracy by making devices update their ARP caches. Problem is that firewalls typically block the spoofed addresses.