Snort mailing list archives
loopback traffic on the network
From: rms <rms () telekom yu>
Date: 27 Feb 2002 14:04:07 +0100
I see a lot of traffic like this going through my router. All sorts of loopback addresses as source. The destination is a single DNS server. Anybody knows what this could be? Sample: [**] [1:528:2] BAD TRAFFIC loopback traffic [**] [Classification: Potentially Bad Traffic] [Priority: 2] 02/24-16:17:04.499538 127.184.74.150:12147 -> xxx.xxx.56.98:3385 UDP TTL:239 TOS:0x0 ID:13808 IpLen:20 DgmLen:30 DF Len: 10 [**] [1:528:2] BAD TRAFFIC loopback traffic [**] [Classification: Potentially Bad Traffic] [Priority: 2] 02/24-16:17:04.579538 127.9.163.142:32067 -> xxx.xxx.56.98:22719 UDP TTL:239 TOS:0x0 ID:17326 IpLen:20 DgmLen:30 DF Len: 10 ... ... ... and so on...Very large number of alerts of the kind, only changing the destination port and source address. Any hints, pointers, URLs resources, anything? Another question: is it possible to see a regular packet on the network having 127.x.x.x as: a) source b) destination address If answer is yes, than under what condition this might be (an exapmle would be appreciated) TIA R.Soskic _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- loopback traffic on the network rms (Feb 27)
- <Possible follow-ups>
- loopback traffic on the network rms (Feb 27)
- Re: loopback traffic on the network Chris Keladis (Feb 27)
- RE: loopback traffic on the network Tom Sevy (Feb 27)