[Snort-users] Loopback problem

Frank Knobbe frank at ...9761...
Wed Oct 13 14:41:48 EDT 2004


On Mon, 2004-10-11 at 10:01, Novan wrote:
> I have some problem with snort and loopback interface
> why snort always logging that my loopback interface make some connection to 
> all private subnet in my campus
> know i'm olny remove the bad trafic rules to reduce the log file
> it's the problem with my snort or with my box ?
> 
> this is the sample of my alert
> 
> [**] [1:528:5] BAD-TRAFFIC loopback traffic [**]
> [Classification: Potentially Bad Traffic] [Priority: 2]
> 10/11-16:23:35.072106 127.0.0.1:80 -> 10.14.30.149:1783
> TCP TTL:128 TOS:0x0 ID:24160 IpLen:20 DgmLen:40
> ***A*R** Seq: 0x0  Ack: 0x25010001  Win: 0x0  TcpLen: 20
> [Xref => http://rr.sans.org/firewall/egress.php]


The answer to this question is easily found all over the web and in the
Snort-Users archive. It gets asked every couple of month either here or
in other lists like Dshield or Incidents. I've decided to stop
responding and instead referring to archived versions.

There answer is here:
  http://archives.neohapsis.com/archives/snort/2004-05/0337.html

Regards.
Frank

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 187 bytes
Desc: This is a digitally signed message part
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20041013/368f25e3/attachment.sig>


More information about the Snort-users mailing list