[Snort-users] Bad-Traffic message....

Paul Schmehl pauls at ...6838...
Mon May 8 09:17:04 EDT 2006


Jeffery Gunter wrote:
> I do not even have a piece of equipment with this address on my network.
> I've tried Ping, Tracert and nothing comes back other than seeing it go
> through my router to the internet but nothing after that.
> 

It's a private address, so it's not going to route on the internet. 
(The entire 10/8 is private.)  It may be an indication of a machine on 
your network that has been compromised or even one that has a bad NIC. 
You'll probably have to root around in your routers and switches to 
track down the origin of it, but it *should* be coming from something on 
your network, because your ISP should not be routing 10/8 traffic to you.

-- 
Paul Schmehl (pauls at ...6838...)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5007 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20060508/1388f739/attachment.bin>


More information about the Snort-users mailing list