[Snort-users] RE: Bad Loop Back Traffic

James Nonya slave_tothe_box at ...131...
Tue Feb 24 11:00:05 EST 2004


Hehe...I see this too here....one with a linux gateway
with bridging, and another with a pix firewall:

Feb 24 11:38:46 10.0.0.254 Feb 24 2004 10:43:33:
%PIX-2-106016: Deny IP spoof from (127.0.0.1) to
209.*.*.* on interface outside

My guess is crappy routing on some ISP's

James
"Finney Charles E" <FinneyCharlesE at ...2134...>
wrote:

> >Reply-To: "Scott Elgram" <SElgram at ...10477...>
> >From: "Scott Elgram" <SElgram at ...10477...>
> >To: <snort-users at lists.sourceforge.net>
> >Date: Mon, 23 Feb 2004 13:56:25 -0800
> >Organization: VerifPoint/CreDENTALs
> >Subject: [Snort-users] Bad Loop Back Traffic
> >
> >Hello,
> >    I have an abundance of alerts telling me
> >url[snort] BAD-TRAFFIC loopback traffic on
127.0.0.1:80
> >According to snort this is due to improperly
configured interfaces.  =
> >Which part is improperly configured and how can I
fix this? Or have I =
> >been hacked?
> >
> >-Scott Elgram
> >IT/Systems Support
> >VerifPoint/CreDENTALs
> >(949)770-5290 ext. 26
> 
> We have seen this traffic in copious quantities from
F5 Networks BigIP systems.  Perchance?
> 
> cf
> 
> 
> 
>
-------------------------------------------------------
> SF.Net is sponsored by: Speed Start Your Linux Apps
Now.
> Build and deploy apps & Web services for Linux with
> a free DVD software kit from IBM. Click Now!
> http://ads.osdn.com/?ad_id56&alloc_id438&op=click
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or
unsubscribe:
>
https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
>
http://www.geocrawler.com/redir-sf.php3?list=snort-users


__________________________________
Do you Yahoo!?
Yahoo! Mail SpamGuard - Read only the mail you want.
http://antispam.yahoo.com/tools




More information about the Snort-users mailing list