Intermittent DSL outages and IP Spoofing (long)

Archived from groups: comp.dcom.lans.ethernet (More info?)

We had some intermittent SBC Yahoo DSL outages on our LAN the past
couple of weeks. I got it running and now am getting a lot of IP
Spoofing messages from the router. Are these messages a sign that
something is set up wrong? And why does the DSL connection drop
intermittently?

Here's what I did to get to this point. Yesterday I tried to get it
running again but the SBC Self-support tool said it couldn't find the
router even with a direct connection between the router and the PC
running the tool. Had the same problem when the tool asked to reset to
previously known good settings.

I reconnected the PC to the network. Today I did ipconfig/all from the
command prompt and saw that the default gateway was 192.168.0.xxx and
the DHCP server was 192.168.2.xxx. The DSL modem (a Speedstream
5100)address was 192.168.0.xxx. The DSL modem is connected to the WAN
port of an SMC Barricade 7004ABR router, which had an address of
192.168.2.xxx. I reset the SMC router address to 192.168.0.xxx,
(put it on the same subnet with the DSL modem) and rebooted the PC.
Internet connection came up and all was apparently well. Didn't check
the logs. The SMC router is set up to send alerts to my email address.
Checked email tonight and saw about 50 IP Spoofing alert messages from
the router.

Interestingly, now the "Internet" LED on the DSL modem lights up.
Previously, it did not.

Here is one of the alert messages:

Dear User
Your router has detected and protected you against an attempt to gain
access to your network. This may have been an attempted hacker
intrusion, or perhaps just your Internet Service Provider doing
routine network maintenance.
Most of these network probes are nothing to be worried about - these
types of random probes should NOT be reported, but you may want to
report repeated intrusions attempts. Save this email for comparison
with future alert messages.
Your router Alert Information

Time: 06/28/2004, 21:30:41
Message: IP Spoofing
Source: 192.168.0.xxx, xxxx (port number deleted)
Destination:239.255.255.xxx, xxxx (port number deleted) (from WAN
Inbound)


Visit the UXN Combat Spam web site to get more detailed information
about the intruder - http://combat.uxn.com/
1. Type the intruder's IP address into the IP WHOIS search engine
2. Click the Query Button
3. Detailed network and administration information will be displayed