[Snort-users] Bad-Traffic message....

Jason Brvenik jason.brvenik at ...1935...
Wed May 10 14:45:32 EDT 2006


Do you have the pcap output with the full packet? It is not uncommon for
a device to be misconfigured and cause this... The pcap should produce a
MAC address for you, and from there you can start tracking at layer 2.

Jeffery Gunter wrote:
> I do not even have a piece of equipment with this address on my network.
> I've tried Ping, Tracert and nothing comes back other than seeing it go
> through my router to the internet but nothing after that.
> 
> Jeffery Gunter  |  Chief Information Officer  |  Citizens Bank of East
> Tennessee  |  http://www.cbetn.com
> email:  jgunter at ...13738...
> Land:  423-272-2200  x17
> Cell:  423-754-5157
> Fax:  423-272-2322
> 
> -----Original Message-----
> From: Kretzer, Jason R (Big Sandy) [mailto:jason.kretzer at ...13486...] 
> Sent: Monday, May 08, 2006 11:50 AM
> To: Jeffery Gunter; snort-users at lists.sourceforge.net
> Subject: RE: [Snort-users] Bad-Traffic message....
> 
> I get these as well.  Mine come from a networked Dell printer that is
> communicating with itself.  Strange, I know but it happens.  Try
> entering the IP into a web browser and see if the printer interface
> comes up.
> 
> -Jason
>  
> 
> 
>>-----Original Message-----
>>From: snort-users-admin at lists.sourceforge.net 
>>[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of 
>>Jeffery Gunter
>>Sent: Monday, May 08, 2006 11:33 AM
>>To: snort-users at lists.sourceforge.net
>>Subject: [Snort-users] Bad-Traffic message....
>>Importance: Low
>>
>>Does anyone know how I can find out what this is and why?  I'm getting
>>about 30 messages a day on it and I can't figure out where it's coming
>>from.
>>
>>Jeffery Gunter  |  Chief Information Officer  |  Citizens Bank of East
>>Tennessee  |  http://www.cbetn.com
>>email:  jgunter at ...13738...
>>Land:  423-272-2200  x17
>>Cell:  423-754-5157
>>Fax:  423-272-2322
>>-----Original Message-----
>>From: IDS [mailto:SNORT] 
>>Sent: Monday, May 08, 2006 11:30 AM
>>To: Jeffery Gunter; 4237545157 at ...10251...
>>Subject: 
>>Importance: Low
>>
>>IDS:S=snort:ID=1:[1:527:8] BAD-TRAFFIC same SRC/DST [Classification:
>>Potentially Bad Traffic] [Priority: 2]: {UDP} 10.51.215.100:1378 ->
>>10.51.215.100:3069 
>>:IDS:S=snort:ID=1:[1:527:8] BAD-TRAFFIC same SRC/DST [Classification:
>>Potentially Bad Traffic] [Priority: 2]: {UDP} 10.51.215.100:1378 ->
>>10.51.215.100:3069 
>>:IDS:S=snort:ID=1:[1:527:8] BAD-TRAFFIC same SRC/DST [Classification:
>>Potentially Bad Traffic] [Priority: 2]: {UDP} 10.51.215.100:1378 ->
>>10.51.215.100:3069 
>>:
>>

-- 
Jason Brvenik - Sourcefire
PGP: 89C6 DE77 3B32 FC03 A5AE B5DD 11DF 4C8B 0D8E 3383
Key: http://cerberus.sourcefire.com/~jbrvenik/jason.brvenik.pgp.key
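
An added example, not part of the original message: one way to pull the source MAC address out of a capture for frames that would trip the same SRC/DST rule, so the device can be traced at layer 2. It assumes a classic libpcap file with Ethernet link type; the function names and the MAC addresses in the sample are constructed for illustration, and the IP and ports are the ones from the quoted alert.

```python
import struct
from collections import Counter

def same_src_dst_macs(pcap_bytes):
    """Count (source MAC, IP) pairs for IPv4 frames whose source IP equals the destination IP."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap_bytes[:4])
    if end is None or len(pcap_bytes) < 24:
        raise ValueError("not a classic libpcap file")
    if struct.unpack(end + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    hits, off = Counter(), 24
    while off + 16 <= len(pcap_bytes):
        # Per-packet record header: ts_sec, ts_usec, incl_len, orig_len
        incl_len = struct.unpack(end + "I", pcap_bytes[off + 8:off + 12])[0]
        frame = pcap_bytes[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 14:
            continue
        etype, l3 = struct.unpack("!H", frame[12:14])[0], 14
        if etype == 0x8100 and len(frame) >= 18:  # skip one 802.1Q VLAN tag
            etype, l3 = struct.unpack("!H", frame[16:18])[0], 18
        if etype != 0x0800 or len(frame) < l3 + 20:
            continue  # not IPv4, or IP header truncated by the snaplen
        src_ip, dst_ip = frame[l3 + 12:l3 + 16], frame[l3 + 16:l3 + 20]
        if src_ip == dst_ip:
            mac = ":".join(f"{b:02x}" for b in frame[6:12])  # Ethernet source MAC
            hits[(mac, ".".join(map(str, src_ip)))] += 1
    return hits

def _frame(src_mac, src_ip, dst_ip):
    """Constructed test frame: Ethernet + minimal IPv4/UDP headers (checksums left zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0, bytes(src_ip), bytes(dst_ip))
    udp = struct.pack("!HHHH", 1378, 3069, 8, 0)
    return bytes.fromhex("ffffffffffff") + bytes.fromhex(src_mac) + b"\x08\x00" + ip + udp

def build_sample():
    """Constructed two-packet capture; the MAC addresses are made up."""
    frames = [_frame("020000000001", (10, 51, 215, 100), (10, 51, 215, 100)),
              _frame("020000000002", (10, 51, 215, 7), (10, 51, 215, 1))]
    out = struct.pack("<IHHiIII", 0xa1b2c3d4, 2, 4, 0, 0, 65535, 1)  # pcap global header
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for (mac, ip), n in same_src_dst_macs(build_sample()).items():
        print(f"{ip} same SRC/DST x{n} from source MAC {mac}")
```

The MAC it reports is the last layer-2 hop seen by the sensor, so on a routed segment it may be the router's interface rather than the originating device.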



