![snort logo](/images/snort-logo.png)
Snort mailing list archives
Re: a lot of Loopback traffic being logged.
From: Mark.Schutzmann () Omron com
Date: Thu, 22 Apr 2004 17:08:50 -0500
I reported this same problem earlier. I had a lot of great feedback, if you want to search the mailing list. Recently, I had this come up again. I used Snort in non-daemon mode to find the MAC address that was associated with the 127.0.0.1 address, which lead me to a router (ugh!), I then had to trace that through my WAN to another network, where we found the local MAC and traced that to a couple of Japanese engineers who were visiting our company and had plugged their computers into our network. Unfortunately, because we did not have a translator and could not readily sift through their Japanese OS computers, I still cannot say what the source program was that caused this. I simply had to quarantine their computer away from the corporate network. If I find a translator and the program, I will forward this info on. Let me know what you find! I suspect some virus or trojan. This is a fairly amateur attack to actually be running manually. Good Luck! Best Regards, Mark "Chuck Holley" <cholley () fitnessquest com> To: <snort-users () lists sourceforge net> Sent by: cc: snort-users-admin () lists sour Subject: [Snort-users] a lot of Loopback traffic being logged. ceforge.net 04/22/2004 08:38 AM "BAD-TRAFFIC loopback traffic" I am getting a lot of this one alert on 127.0.0.1. im really not sure what is causing this. If it is faulty networking or maybe a spoofer. Now that I know im getting this, thanks to SNORT, what the heck do I do about it? Anyone ever remedy this problem? Chuck Holley LAN Administrator FitnessQuest Inc. Canton, OH cholley () fitnessquest com ------------------------------------------------------- This SF.net email is sponsored by: The Robotic Monkeys at ThinkGeek For a limited time only, get FREE Ground shipping on all orders of $35 or more. Hurry up and shop folks, this offer expires April 30th! http://www.thinkgeek.com/freeshipping/?cpg297 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- a lot of Loopback traffic being logged. Chuck Holley (Apr 22)
- Re: a lot of Loopback traffic being logged. Matt Kettler (Apr 22)
- RE: a lot of Loopback traffic being logged. Chuck Holley (Apr 22)
- RE: a lot of Loopback traffic being logged. Matt Kettler (Apr 22)
- RE: a lot of Loopback traffic being logged. Harry Bloomberg (Apr 22)
- RE: a lot of Loopback traffic being logged. Fred Portnoy (Apr 22)
- RE: a lot of Loopback traffic being logged. Chuck Holley (Apr 22)
- Need configuration help Tinni (Apr 22)
- How to start snort for multiple servers' traffic Tinni (Apr 23)
- Re: How to start snort for multiple servers' traffic Edin Dizdarevic (Apr 23)
- Re: a lot of Loopback traffic being logged. Matt Kettler (Apr 22)
- <Possible follow-ups>
- Re: a lot of Loopback traffic being logged. Mark . Schutzmann (Apr 22)
- RE: a lot of Loopback traffic being logged. Chuck Holley (Apr 23)
- RE: a lot of Loopback traffic being logged. Fred Portnoy (Apr 23)
- RE: a lot of Loopback traffic being logged. Chuck Holley (Apr 23)
- RE: a lot of Loopback traffic being logged. Fred Portnoy (Apr 23)
- RE: a lot of Loopback traffic being logged. Milan Kocián (Apr 25)
- RE: a lot of Loopback traffic being logged. Chuck Holley (Apr 23)
- RE: a lot of Loopback traffic being logged. Alejandro Flores (May 27)
- RE: a lot of Loopback traffic being logged. rod (May 28)
- how to clean up database? Cesar (May 27)