[Snort-users] a lot of Loopback traffic being logged.

Mark.Schutzmann at ...10438... Mark.Schutzmann at ...10438...
Thu Apr 22 15:07:05 EDT 2004

I reported this same problem earlier. I had a lot of great feedback, if you
want to search the mailing list. Recently, I had this come up again. I used
Snort in non-daemon mode to find the MAC address that was associated with
the address, which lead me to a router (ugh!), I then had to
trace that through my WAN to another network, where we found the local MAC
and traced that to a couple of Japanese engineers who were visiting our
company and had plugged their computers into our network. Unfortunately,
because we did not have a translator and could not readily sift through
their Japanese OS computers, I still cannot say what the source program was
that caused this. I simply had to quarantine their computer away from the
corporate network. If I find a translator and the program, I will forward
this info on. Let me know what you find! I suspect some virus or trojan.
This is a fairly amateur attack to actually be running manually. Good Luck!

Best Regards,

                      "Chuck Holley"                                                                                                              
                      <cholley at ...11679...>          To:       <snort-users at lists.sourceforge.net>                                           
                      Sent by:                            cc:                                                                                     
                      snort-users-admin at ...4626...        Subject:  [Snort-users] a lot of Loopback traffic being logged.                         
                      04/22/2004 08:38 AM                                                                                                         

"BAD-TRAFFIC loopback traffic"  I am getting a lot of this one alert on  im really not sure what is causing this.  If it is faulty
networking or maybe a spoofer.  Now that I know im getting this, thanks to
SNORT, what the heck do I do about it?  Anyone ever remedy this problem?

Chuck Holley
LAN Administrator
FitnessQuest Inc.
Canton, OH
cholley at ...11679...

More information about the Snort-users mailing list