Snort mailing list archives
Re: loopback traffic
From: Matt Kettler <mkettler () evi-inc com>
Date: Wed, 19 May 2004 18:55:47 -0400
At 04:11 PM 5/19/2004, Security Personnel wrote:
Down to some more strangeness ---> the packets are rarely to the same port, they come to EVERY machine on our IP range, and picking apart the headers has given me the originating MAC address of our ISP's gateway machine!
Well, that's not surprising.. all packets inbound from the internet are going to have your ISP's gateway machine MAC address on them. It's a gateway after all.
So, basically what you can conclude is that someone, somewhere outside your network (or at least on the other side of your gateway) has sent a packet with 127.0.0.1 as a source address to your network.
This could be a result of deliberate spoofing, it could be a weak DoS attempt, or it could just be someone's system is broken and spewing malformed packets.
The sending machine could be the ISP's gateway, or any part of your ISPs network, or any part of the internet as a general whole.
Any ideas? any fellow sufferers?
Firewall inbound packets with 127.0.0.1 as a source address? ------------------------------------------------------- This SF.Net email is sponsored by: Oracle 10gGet certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE.
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Loopback traffic Rodrigo B. Ramos (Apr 23)
- RE: Loopback traffic Chuck Holley (Apr 23)
- RE: Loopback traffic Matt Kettler (Apr 26)
- <Possible follow-ups>
- loopback traffic Security Personnel (May 19)
- Re: loopback traffic Matt Kettler (May 19)
- Re: loopback traffic James Riden (May 19)
- Re: loopback traffic Security Personnel (May 19)
- Re: loopback traffic Matt Kettler (May 19)
- RE: loopback traffic Bob Sukovich (May 20)
- RE: Loopback traffic Chuck Holley (Apr 23)