[Snort-users] Bad-Traffic message....

Paul Schmehl pauls at ...6838...
Mon May 8 09:51:01 EDT 2006

James Lay wrote:
> On Mon, 08 May 2006 11:16:25 -0500
> Paul Schmehl <pauls at ...6838...> wrote:
>> Jeffery Gunter wrote:
>>> I do not even have a piece of equipment with this address on my
>>> network. I've tried Ping, Tracert and nothing comes back other than
>>> seeing it go through my router to the internet but nothing after
>>> that.
>> It's a private address, so it's not going to route on the internet. 
>> (The entire 10/8 is private.)  It may be an indication of a machine
>> on your network that has been compromised or even one that has a bad
>> NIC. You'll probably have to root around in your routers and switches
>> to track down the origin of it, but it *should* be coming from
>> something on your network, because your ISP should not be routing
>> 10/8 traffic to you.
> Heh....I'm going through that right now with my ISP at work...they are
> routing EVERYTHING....even reserved traffic....I've seen popup spam
> attempts from addresses like and
> May want to verify that they aren't doing like mine is..
OK.  Your ISP should be banned from the Internet....

Paul Schmehl (pauls at ...6838...)
Adjunct Information Security Officer
The University of Texas at Dallas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5007 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20060508/b7d68521/attachment.bin>

More information about the Snort-users mailing list