[Snort-users] Bad-Traffic message....

Paul Schmehl pauls at ...6838...
Mon May 8 09:51:01 EDT 2006


James Lay wrote:
> 
> On Mon, 08 May 2006 11:16:25 -0500
> Paul Schmehl <pauls at ...6838...> wrote:
> 
>> Jeffery Gunter wrote:
>>> I do not even have a piece of equipment with this address on my
>>> network. I've tried Ping, Tracert and nothing comes back other than
>>> seeing it go through my router to the internet but nothing after
>>> that.
>>>
>> It's a private address, so it's not going to route on the internet. 
>> (The entire 10/8 is private.)  It may be an indication of a machine
>> on your network that has been compromised or even one that has a bad
>> NIC. You'll probably have to root around in your routers and switches
>> to track down the origin of it, but it *should* be coming from
>> something on your network, because your ISP should not be routing
>> 10/8 traffic to you.
> 
> Heh....I'm going through that right now with my ISP at work...they are
> routing EVERYTHING....even reserved traffic....I've seen popup spam
> attempts from addresses like 1.1.1.1 and 0.0.90.5.
> 
> May want to verify that they aren't doing like mine is..
> 
OK.  Your ISP should be banned from the Internet....

-- 
Paul Schmehl (pauls at ...6838...)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5007 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20060508/b7d68521/attachment.bin>


More information about the Snort-users mailing list