[Snort-users] Loopback traffic

Chuck Holley cholley at ...11679...
Fri Apr 23 14:18:09 EDT 2004


I certainly don't know :( where the packets are being generated.  I traced
back to my router the arp table as well, and really what else can I do at
this point.  We are going to call our ISP, and we are going to investigate
adding something for 127.0.0.1 into our routers access list.  Has anyone
ever done that? 

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Rodrigo B.
Ramos
Sent: Friday, April 23, 2004 5:05 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Loopback traffic

Hi log watchers!!!

The big question now is "What is generating these packets?".

Following what we are seeing in the messages, I asked to my snorts to
get layer 2 informations (-e) and at the end I checked the ARP table, so
I discovered that the  "BAD-TRAFFIC loopback traffic" is coming from 
some routers interfaces and by the ttl values I could see that it comes
from some one near.

So, does anybody knows what is generating these packets?



Best regards,
-- 
Rodrigo Buarque Ramos
GPG KEY ID: 0x71CFE098 --> http://pgp.mit.edu
Key fingerprint = F381 366D D233 22B4 7E72  A21D DE9B 2FF3 71CF E098
55 81 88513524
55 81 3463.1593
http://www.triforsec.com.br
http://www.defenselayer.com






More information about the Snort-users mailing list