Snort mailing list archives
Re: BAD TRAFFIC loopback traffic
From: Matt Kettler <mkettler () evi-inc com>
Date: Fri, 22 Aug 2003 13:02:45 -0400
At 04:07 PM 8/22/2003 +0530, IntegPatchMgr wrote:
am getting below message, Can any one let me know what is this mean ?
The ip address 127.0.0.1 is invalid to ever appear on the internet. It's a loopack address and more or less means "myself" to a computer.
The packet in question has a source IP address of 127.0.0.1. This particular case looks like a repose from a broken webserver.
Sometimes setting the source to 127.0.0.1 is used to try to DoS a machine by confusing it into a loop with itself, but only very old implementations of IP stacks are vulnerable to this (well before 1995, probably circa 1992 or so).
------------------------------------------------------- This SF.net email is sponsored by: VM Ware With VMware you can run multiple operating systems on a single machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- BAD TRAFFIC loopback traffic IntegPatchMgr (Aug 22)
- Re: BAD TRAFFIC loopback traffic Erek Adams (Aug 22)
- Re: BAD TRAFFIC loopback traffic Edin Dizdarevic (Aug 23)
- <Possible follow-ups>
- Re: BAD TRAFFIC loopback traffic Matt Kettler (Aug 22)
- Re: BAD TRAFFIC loopback traffic JP Vossen (Aug 27)
- Re: BAD TRAFFIC loopback traffic Edin Dizdarevic (Aug 27)
- Re: BAD TRAFFIC loopback traffic JP Vossen (Aug 27)
- Re: BAD TRAFFIC loopback traffic Edin Dizdarevic (Aug 27)