IDS mailing list archives

Re: possible causes of source and destination ip from external network


From: Stephen Samuel <samuel () bcgreen com>
Date: Sat, 26 Jun 2004 22:29:03 -0700

One of the questions I would ask, in terms of determining what's happening,
is: "What interface are these packets arriving on?" You have a different
set of issues to deal with if it's coming from the inside than you do if
it's coming from the outside.

You should be able to determine this if your IDS/firewall logs either
the actual interface or the source/destination MAC address of the
packets in question.

MAC addresses require an extra step to help figure out where a packet
is arriving, but they also give you some hope of tracking which station
(or router) the packets came from.


Annie Green wrote:
Hi all

What would be the possible causes of the IDS alert that shows source ip and destination ip from external network? Also, why did the router route this packet in the first place?

Regards,
A.


--
Stephen Samuel +1(604)876-0426                samuel () bcgreen com
                   http://www.bcgreen.com/~samuel/
   Powerful committed communication. Transformation touching
     the jewel within each person and bringing it to light.
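
An added example, not part of the original message: one way to pull the arriving interface and source MAC out of firewall logs for packets whose source and destination are both outside the local network. It assumes Linux netfilter LOG-format lines, an internal network of 192.168.10.0/24, and eth0/eth1 as the outside/inside interfaces; the log lines are constructed.

```python
import ipaddress
import re

# Assumption: the site's internal address space; adjust to the real network.
INTERNAL_NETS = [ipaddress.ip_network("192.168.10.0/24")]

# Constructed sample lines in the Linux netfilter LOG format (not from the thread).
SAMPLE_LOG = """\
Jun 26 22:01:10 fw kernel: IN=eth1 OUT=eth0 MAC=00:0c:29:aa:bb:01:00:50:56:11:22:33:08:00 SRC=192.168.10.25 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=40112 DPT=80
Jun 26 22:01:12 fw kernel: IN=eth1 OUT=eth0 MAC=00:0c:29:aa:bb:01:00:50:56:44:55:66:08:00 SRC=203.0.113.9 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=1025 DPT=80
Jun 26 22:01:15 fw kernel: IN=eth0 OUT=eth0 MAC=00:0c:29:aa:bb:00:00:1b:21:77:88:99:08:00 SRC=203.0.113.50 DST=198.51.100.20 LEN=40 PROTO=TCP SPT=80 DPT=3312
"""

FIELD = re.compile(r"(\w+)=(\S*)")

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def split_mac(mac_field):
    """netfilter logs dst MAC (6 bytes), src MAC (6 bytes), EtherType (2 bytes)."""
    octets = mac_field.split(":")
    if len(octets) != 14:
        return None, None  # non-Ethernet or truncated header
    return ":".join(octets[0:6]), ":".join(octets[6:12])

def external_to_external(log_text):
    """Return (ingress interface, source MAC, src, dst) for packets with no internal endpoint."""
    hits = []
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if "SRC" not in f or "DST" not in f:
            continue
        if is_internal(f["SRC"]) or is_internal(f["DST"]):
            continue
        _, src_mac = split_mac(f.get("MAC", ""))
        hits.append((f.get("IN", ""), src_mac, f["SRC"], f["DST"]))
    return hits

if __name__ == "__main__":
    for iface, mac, src, dst in external_to_external(SAMPLE_LOG):
        print(f"{src} -> {dst} arrived on {iface or '?'} from MAC {mac}")
```

A hit on the inside interface points at a station on the local segment, and its source MAC can be matched against switch or ARP tables; a hit on the outside interface will carry the MAC of the upstream router.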
