[Snort-users] Source IP 220.127.116.11
ypwhich at ...11276...
Tue Feb 24 06:59:44 EST 2004
While not 100% certain, what you're receiving sounds like a multicast.
Probably from your ISP. Perhaps run a sniffer which would provide more
On Sun, 22 Feb 2004, Ed wrote:
> Date: Sun, 22 Feb 2004 14:52:54 -0500
> From: Ed <ed at ...11248...>
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Source IP 18.104.22.168
> Greetings -
> Has anyone ran into seeing tons of traffic from this IP? I setup snort on my redhat box acting as
> a my router for my cable modem. I see TONS of traffic from 22.214.171.124 to 0.0.0.0 The signature
> lists as "snort\_decoder) WARNING: Not IPv4 datagram!", Layer 4 Protocol: 48
> I've seen about 5000 packets in the past 8 hours. WHOIS informaion shows as being IANA Reserved...
More information about the Snort-users