Snort mailing list archives
Re: Source IP 173.80.0.0
From: ypwhich <ypwhich () paunix org>
Date: Mon, 23 Feb 2004 21:04:30 +0000 (UTC)
Ed, While not 100% certain, what you're receiving sounds like a multicast. Probably from your ISP. Perhaps run a sniffer which would provide more information. -ypwhich On Sun, 22 Feb 2004, Ed wrote:
Date: Sun, 22 Feb 2004 14:52:54 -0500 From: Ed <ed () eddo net> To: snort-users () lists sourceforge net Subject: [Snort-users] Source IP 173.80.0.0 Greetings - Has anyone ran into seeing tons of traffic from this IP? I setup snort on my redhat box acting as a my router for my cable modem. I see TONS of traffic from 173.80.0.0 to 0.0.0.0 The signature lists as "snort\_decoder) WARNING: Not IPv4 datagram!", Layer 4 Protocol: 48 I've seen about 5000 packets in the past 8 hours. WHOIS informaion shows as being IANA Reserved... http://ws.arin.net/cgi-bin/whois.pl?queryinput=173.80.0.0
------------------------------------------------------- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Source IP 173.80.0.0 Ed (Feb 22)
- Re: Source IP 173.80.0.0 ypwhich (Feb 24)
- Re: Source IP 173.80.0.0 [revisited], bug? Ed (Mar 02)
- RE: Source IP 173.80.0.0 [revisited], bug? Fred McFeeters (Mar 02)
- Re: Source IP 173.80.0.0 [revisited], bug? ypwhich (Mar 02)
- Re: Source IP 173.80.0.0 [revisited], bug? Ed (Mar 02)
- Re: Source IP 173.80.0.0 ypwhich (Feb 24)