[Snort-users] Loopback problem
frank at ...9761...
Wed Oct 13 14:41:48 EDT 2004
On Mon, 2004-10-11 at 10:01, Novan wrote:
> I have some problem with snort and loopback interface
> why snort always logging that my loopback interface make some connection to
> all private subnet in my campus
> know i'm olny remove the bad trafic rules to reduce the log file
> it's the problem with my snort or with my box ?
> this is the sample of my alert
> [**] [1:528:5] BAD-TRAFFIC loopback traffic [**]
> [Classification: Potentially Bad Traffic] [Priority: 2]
> 10/11-16:23:35.072106 127.0.0.1:80 -> 10.14.30.149:1783
> TCP TTL:128 TOS:0x0 ID:24160 IpLen:20 DgmLen:40
> ***A*R** Seq: 0x0 Ack: 0x25010001 Win: 0x0 TcpLen: 20
> [Xref => http://rr.sans.org/firewall/egress.php]
The answer to this question is easily found all over the web and in the
Snort-Users archive. It gets asked every couple of month either here or
in other lists like Dshield or Incidents. I've decided to stop
responding and instead referring to archived versions.
There answer is here:
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 187 bytes
Desc: This is a digitally signed message part
More information about the Snort-users