[Snort-users] Bad Loop Back Traffic

Mat Harris mat.harris at ...10977...
Tue Feb 24 09:46:17 EST 2004


first, I am no network engineer, I just get paid for it :)
I know there are flaws/gaps in my learning.

i have seen the same traffic from two linux boxes at one site. they generate
about 2 alerts each per hour. by this i mean that they detect the packets.
as to who is generating them, there are some windows xp pro clients and a
windows 2000 server running as domain controller.

I am not very worried about this traffic, I put it down to the fact that
both machines are running apache and may be doing some requests across the
local interface.

On Tue, Feb 24, 2004 at 12:01:56 -0500, bclark at ...10956... wrote:
> I have also seen this type of traffic about 200,000 alerts last night.  I
> am not sure but I think it is a clients Windows machine.

-- 
Cats land on their feet. 
Toast lands jellyside down.
A cat glued to some jelly toast will hover in quantum indecision 
	
perl -e'$_=q#: 13_2: 12/o{>: 8_4) (_4: 6/2^-2; 3;-2^\2: 5/7\_/\7: \
	12m m::#;y#:#\n#;s#(\D)(\d+)#$1x$2#ge;print' 

Yes, of course it's the right cabl [le0: NO CARRIER]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20040224/76482726/attachment.sig>


More information about the Snort-users mailing list