[Snort-users] Bad-Traffic message....

James Lay jlay at ...13475...
Mon May 8 09:21:06 EDT 2006


On Mon, 08 May 2006 11:16:25 -0500
Paul Schmehl <pauls at ...6838...> wrote:

> Jeffery Gunter wrote:
> > I do not even have a piece of equipment with this address on my
> > network. I've tried Ping, Tracert and nothing comes back other than
> > seeing it go through my router to the internet but nothing after
> > that.
> > 
> 
> It's a private address, so it's not going to route on the internet. 
> (The entire 10/8 is private.)  It may be an indication of a machine
> on your network that has been compromised or even one that has a bad
> NIC. You'll probably have to root around in your routers and switches
> to track down the origin of it, but it *should* be coming from
> something on your network, because your ISP should not be routing
> 10/8 traffic to you.

Heh....I'm going through that right now with my ISP at work...they are
routing EVERYTHING....even reserved traffic....I've seen popup spam
attempts from addresses like 1.1.1.1 and 0.0.90.5.

May want to verify that they aren't doing like mine is..

James




More information about the Snort-users mailing list