« DVR != TiVo | Main | 100BaseFire »

False Alarm

This morning I was minding my own business when I received an e-mail from my firewall stating that:

From: firewall@teh.internet.tubes
To: alerter@chickenpotpieacousticsystems.net
Subject: NetScreen Mail Alert

Alarm Logs Reported From: homefirewall
Event Alarms:
   1. 2008-03-06 07:46:15 system-alert-00008:  IP Spoof, From 86.117xx.xx/1031 to 205.181.yy.yy/2746, protocol UDP (i/f trust) occurred 2 times

I'm thinking to myself, "oh crap, I've got malware", or even worse, "oh crap, I've got a misconfigured intruder".  I'm quite used to folks on the the internet trying to portscan my network, but traffic originating on my home network is a whole different game.

I calm down for a second and search for the netblock owner of the IP address range.  I calm down even more, as it turns out to be my wife's laptop VPN trying to connect and pass traffic back to the corporate office in Switzerland at the same time.  I am quite calm now, and sip my delicious Nespresso.  All is good in the world once again.

Bookmark and Share


TrackBack URL for this entry: