[Snort-users] Loopback traffic
cholley at ...11679...
Fri Apr 23 14:18:09 EDT 2004
I certainly don't know :( where the packets are being generated. I traced
back to my router the ARP table as well, and really what else can I do at
this point? We are going to call our ISP, and we are going to investigate
adding something for 127.0.0.1 into our router's access list. Has anyone
ever done that?
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Rodrigo B.
Sent: Friday, April 23, 2004 5:05 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Loopback traffic
Hi log watchers!!!
The big question now is "What is generating these packets?".
Following what we are seeing in the messages, I asked my Snorts to
get layer 2 information (-e) and at the end I checked the ARP table, so
I discovered that the "BAD-TRAFFIC loopback traffic" is coming from
some routers' interfaces and by the TTL values I could see that it comes
from someone near.
So, does anybody know what is generating these packets?
Rodrigo Buarque Ramos
GPG KEY ID: 0x71CFE098 --> http://pgp.mit.edu
Key fingerprint = F381 366D D233 22B4 7E72 A21D DE9B 2FF3 71CF E098
55 81 88513524
55 81 3463.1593
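
The tracing steps described in the thread above (layer 2 source address, ARP table lookup, TTL), sketched as an added example that is not part of the original messages. The packet tuples, MAC addresses and ARP entries are constructed sample data, and the list of common initial TTL values is an assumption.

```python
import ipaddress
from collections import defaultdict

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
# Assumption: senders start from one of these common initial TTL values.
COMMON_INITIAL_TTLS = (32, 64, 128, 255)

# Constructed ARP table of the sensor's segment: MAC -> neighbor IP.
ARP_TABLE = {
    "00:11:22:33:44:01": "192.0.2.1",
    "00:11:22:33:44:02": "192.0.2.2",
}
# Constructed captures: (layer 2 source MAC, IP source, observed TTL).
PACKETS = [
    ("00:11:22:33:44:01", "127.0.0.1", 126),
    ("00:11:22:33:44:01", "127.0.0.1", 126),
    ("00:11:22:33:44:02", "198.51.100.7", 57),   # normal traffic, ignored
    ("00:11:22:33:44:01", "127.0.0.1", 125),
    ("AA:BB:CC:DD:EE:FF", "127.0.0.5", 63),      # MAC missing from ARP table
]

def estimate_hops(ttl):
    """Hops travelled, assuming the nearest common initial TTL >= observed.
    Heuristic only: a sender can set any initial TTL it likes."""
    return min(t for t in COMMON_INITIAL_TTLS if t >= ttl) - ttl

def trace_loopback_sources(packets, arp_table):
    """Group packets with a 127.0.0.0/8 source seen on the wire by the
    device that delivered them (source MAC) and estimate their distance."""
    seen = defaultdict(lambda: {"count": 0, "hops": []})
    for mac, src, ttl in packets:
        if ipaddress.ip_address(src) not in LOOPBACK:
            continue
        entry = seen[mac.lower()]
        entry["count"] += 1
        entry["hops"].append(estimate_hops(ttl))
    return {
        mac: {
            "neighbor": arp_table.get(mac),  # None: MAC not in ARP table
            "count": e["count"],
            "min_hops": min(e["hops"]),
            "max_hops": max(e["hops"]),
        }
        for mac, e in seen.items()
    }

if __name__ == "__main__":
    for mac, info in trace_loopback_sources(PACKETS, ARP_TABLE).items():
        print(mac, info)
```
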