Snort mailing list archives
RE: Re: port 0 packets from bogon networks
From: Ryan Hill <rhill () xypoint com>
Date: Sun, 25 Nov 2001 20:04:03 -0800
Joe, FYI - although I haven't been seeing these packets externally, false alarms on an internal sensor here have been traced to Cisco's Local Director boxes and their communication with a management station. Bad Cisco - no biscuit! Regards, Ryan Hill, MCSE IT Ninja Corporate Information Systems Telecommunication Systems, Inc. (TCS) - http://www.telecomsys.com v: 206.792.2276 - f: 206.792.2001 pgp: 0x17CE70AB
-----Original Message----- From: Joe Pampel [mailto:joe () ardsley com] Sent: Friday, November 23, 2001 10:48 AM To: snort-users () lists sourceforge net; snort-users-request () lists sourceforge net Subject: [Snort-users] Re: port 0 packets from bogon networks I know this isn't the NIDS helpline, but I am seeing a lot more of this sort of packet than usual. I stop them at the edge router with an ACL (per Rob Thomas) but I've never seen much action from this list. Today I am seeing a bunch and am just curious is anyone else is getting some action? Maybe something's up, maybe I just ate too much yesterday. (maybe both?) I normally would associate anything with a bad return address as some sort of DOS, but is there anything else you'd do to someone else from a spoofed &/or unroutable IP? A quick google yielded this http://www.sans.org/y2k/120700-1700.htm which > had some good points (perhaps it's someone trying to spoof my internal IP's.. except they are way way off.) Thx, Joe _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/s> nort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: port 0 packets from bogon networks Joe Pampel (Nov 23)
- <Possible follow-ups>
- RE: Re: port 0 packets from bogon networks Ryan Hill (Nov 25)