[Snort-users] (no subject)

Rich Adamson radamson at ...2127...
Fri May 31 11:30:04 EDT 2002


There are a lot of ISPs (including Sprint) that do not filter the non-routable
addresses at every router. In some cases, these addresses can carry on a full 
session. The default condition for most routers is to allow the routing.
In your case, you might try tracerouting to it (assuming you are not using
those same addresses).

> Snort LAN sensor
> Here is the line from acid :
> Source
> destination
>       DOS MSDTC attempt         207.35.159.36:80        10.0.0.249:3372
> TCP
> 
> 
> How is this possible? 10.0.0.249 is a proxy machine taht doesn't have public
> ip. How somebody can connect to non-routable ip from the outside world?
> Or should I interpret this line as something else?





More information about the Snort-users mailing list