I blocked them on iptables... but I'm still investigating.

On 14 May 2010 21:58, aki <aki275@googlemail.com> wrote:
Hey Simon, I hope you know how urgent and critical your network
situation is. I'd not wait until Monday. Anyway, it's up to you to
understand the real risk the spoof is carrying since you manage your
network. Personally, I'd already have shut down the reserved subnets
as I wrote earlier. HTH.

On Fri, May 14, 2010 at 9:01 PM, Simon Mbuthia <simon.mbuthia@gmail.com> wrote:
> Hi aki,
>
> The interesting thing is that the spoofing computer appears to be in my LAN
> because it's accessing the firewall through the internal interface. I did a
> packet sniff using wireshark on "ip.src == 10.230.0.63" and got the ethernet
> address, then did another scan with the expression "ethernet.src ==
> wh.at.i.got" and I got different LAN IP addresses... do I have a botnet or
> what?? The ethernet address is for a 3Com device. I have 3Com switches in my
> LAN. But 3Com switches aren't configured with IP addresses etc... unless
> 3Com themselves hardwired the configurations onto the devices... Anyway, my
> investigations continue on Monday.
>
> Let me know what you think.
>
>
_______________________________________________
Skunkworks mailing list
Skunkworks@lists.my.co.ke
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
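
The correlation described in the quoted message (find the MAC behind a source IP, then list every IP that MAC sends from), as an added example that is not part of the original thread. It assumes tab-separated eth.src/ip.src rows as exported by tshark; the MAC addresses and every IP other than 10.230.0.63 are constructed, and `routers` is a hypothetical allow-list, needed because frames forwarded by a router or layer-3 switch carry that device's MAC as source whatever the source IP is.

```python
from collections import defaultdict

# Constructed sample rows in the shape produced by:
#   tshark -r capture.pcap -T fields -e eth.src -e ip.src
# MACs are locally administered placeholders, not real devices.
SAMPLE = """\
02:00:00:00:00:01\t10.230.0.63
02:00:00:00:00:01\t10.230.0.17
02:00:00:00:00:01\t10.230.0.40
02:00:00:00:00:02\t10.230.0.17
02:00:00:00:00:03\t10.230.0.90
02:00:00:00:00:03\t10.230.0.90
malformed line
"""

def parse(text):
    """Yield (mac, ip) pairs, skipping blank, non-IP or malformed rows."""
    for line in text.splitlines():
        parts = line.strip().split("\t")
        if len(parts) == 2 and all(parts):
            yield parts[0].lower(), parts[1]

def correlate(pairs, routers=frozenset()):
    """Return (MACs sourcing several IPs, IPs sourced by several MACs).

    routers: MACs of known gateways / L3 switches (assumption: the operator
    knows these); they legitimately source many IPs and are not reported.
    """
    ips_by_mac, macs_by_ip = defaultdict(set), defaultdict(set)
    for mac, ip in pairs:
        ips_by_mac[mac].add(ip)
        macs_by_ip[ip].add(mac)
    multi_ip = {m: sorted(i) for m, i in ips_by_mac.items()
                if len(i) > 1 and m not in routers}
    # An IP seen from two MACs on one segment points at a conflict or spoofing.
    shared_ip = {i: sorted(m) for i, m in macs_by_ip.items() if len(m) > 1}
    return multi_ip, shared_ip

if __name__ == "__main__":
    multi_ip, shared_ip = correlate(parse(SAMPLE))
    for mac, ips in multi_ip.items():
        print(f"{mac} sends from {len(ips)} IPs: {', '.join(ips)}")
    for ip, macs in shared_ip.items():
        print(f"{ip} is sourced by several MACs: {', '.join(macs)}")
```
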