It's not entirely clear from your question what your setup is -- presumably when someone dials in, they are assigned an address from your dialup pool. This pool should NOT include the address of your gateway router, which means that the person is spoofing your router's IP address. But, your message implies that this person is in fact using a registered IP address, and the duplicate address is causing routing problems that are preventing your other users from reaching the router correctly. First, then, check your dialup pool to make sure you have not mistakenly included your router's IP in the available addresses. Second, if the person is breaking in using others' accounts, you should take whatever steps are outlined in your policy on unauthorized use -- presumably you would at least contact the owners of those accounts, inform them of suspected unauthorized use, and advise that they change their passwords. If the person is using a spoofed address, you can use ingress and egress filtering to block the spoofed traffic. Clearly you should not see traffic originating from your gateway router's IP coming from your dial-up connections. Configure the packet-filtering device closest to your dialup systems to only accept traffic from your "known good" block of IP addresses (i.e., your dial up pool). Spoofed packets often do not route properly because they are using a false IP address that is not native to the network segment they originate from. Attackers will sometimes use source routing to circumvent this problem, actually specifying the route the packet should take through the network. Your routers, firewalls, etc. should be configured to drop source-routed packets.
Dig Deeper on Network Security Monitoring and Analysis
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.