[Snort-users] Source IP 173.80.0.0

ypwhich ypwhich at ...11276...
Tue Feb 24 06:59:44 EST 2004


Ed,

While not 100% certain, what you're receiving sounds like a multicast.
Probably from your ISP.  Perhaps run a sniffer which would provide more
information.

-ypwhich

On Sun, 22 Feb 2004, Ed wrote:

> Date: Sun, 22 Feb 2004 14:52:54 -0500
> From: Ed <ed at ...11248...>
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Source IP 173.80.0.0
>
> Greetings -
>
> Has anyone ran into seeing tons of traffic from this IP?  I setup snort on my redhat box acting as
> a my router for my cable modem.  I see TONS of traffic from 173.80.0.0 to 0.0.0.0  The signature
> lists as "snort\_decoder) WARNING: Not IPv4 datagram!", Layer 4 Protocol: 48
>
> I've seen about 5000 packets in the past 8 hours.  WHOIS informaion shows as being IANA Reserved...
>  http://ws.arin.net/cgi-bin/whois.pl?queryinput=173.80.0.0




More information about the Snort-users mailing list