HPE Community
IMC
1753266 Members
5090 Online
108792 Solutions
New Discussion

IMC pinging with a spoofed source IP?

 
RudyW
Occasional Advisor

‎11-11-2013 11:58 AM

‎11-11-2013 11:58 AM

IMC pinging with a spoofed source IP?

My installation of IMC v7 is sitting on my lab network, which is separated from my production wired and wireless networks by a firewall. I have found some odd behavior coming from IMC--it is sending a ping to an IP address on a wired, production segment with a source IP address that is not its own.

 

The IP address of the IMC server is 10.10.42.42. It is pinging through the fierewall to the WLAN controller (IP address 10.9.0.10). Oddly enough, the firewall (and Wireshark) are seeing IMC send the pings to 10.9.0.10 with the source IP address of 10.9.0.254. No such IP address exists on the 10.9.0.0/24 subnet.

 

Naturally, the firewall classifies this as an attack since it fits IP spoofing criteria. Has anyone else seen this behavior?

0 Kudos
1 REPLY 1
LindsayHill
Honored Contributor

‎11-11-2013 12:31 PM

‎11-11-2013 12:31 PM

Re: IMC pinging with a spoofed source IP?

Go to System -> System Configuration -> System Settings.

Find "Enable Forged Ping Packets", and set it to No. Click OK.

It's used to try and improve discovery accuracy by making devices update their ARP caches. Problem is that firewalls typically block the spoofed addresses.

__
@northlandboy
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.