[Snort-users] IP recognition

Mayur Patil ram.nath241089 at ...11827...
Fri Jul 19 05:18:35 EDT 2013


Hello,

    I am unable to recognize the IP when I run snort in NIDS mode.

    *192.168.10.121:56333 -> 224.0.0.252:5355* UDP TTL:1 TOS:0x0 ID:18058
IpLen:20 DgmLen:50

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

    07/19-14:45:25.191751 00:22:19:06:B9:1C -> FF:FF:FF:FF:FF:FF type:0x800
len:0x5C
*    10.1.11.172:137 -> 10.1.11.255:137* UDP TTL:128 TOS:0x0 ID:15751
IpLen:20 DgmLen:78
    +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

    07/19-14:45:25.194146 B8:AC:6F:45:F8:23 -> FF:FF:FF:FF:FF:FF type:0x800
len:0xF3
*    10.1.47.230:138 -> 10.1.47.255:138* UDP TTL:128 TOS:0x0 ID:5740
IpLen:20 DgmLen:229

     My admin says it is from another IP range within the proxy; then why are
they bombarding my system unintentionally?

    How do I stop them from interacting with my system?

     Any hints?

     Seeking guidance,

     Thanks!

-- 
*Cheers,
Mayur*.