Snort mailing list archives

Loopback problem


From: "Novan" <novan () students stttelkom ac id>
Date: Mon, 11 Oct 2004 22:01:52 +0700

I have a problem with Snort and the loopback interface.
Why is Snort always logging that my loopback interface makes connections to all the private subnets on my campus?
Now I'm only removing the bad traffic rules to reduce the log file.
Is the problem with my Snort or with my box?

This is a sample of my alerts:

[**] [1:528:5] BAD-TRAFFIC loopback traffic [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
10/11-16:23:35.072106 127.0.0.1:80 -> 10.14.30.149:1783
TCP TTL:128 TOS:0x0 ID:24160 IpLen:20 DgmLen:40
***A*R** Seq: 0x0  Ack: 0x25010001  Win: 0x0  TcpLen: 20
[Xref => http://rr.sans.org/firewall/egress.php]

[**] [1:528:5] BAD-TRAFFIC loopback traffic [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
10/11-16:23:35.103618 127.0.0.1:80 -> 10.14.131.60:1517
TCP TTL:128 TOS:0x0 ID:24161 IpLen:20 DgmLen:40
***A*R** Seq: 0x0  Ack: 0x6090001  Win: 0x0  TcpLen: 20
[Xref => http://rr.sans.org/firewall/egress.php]

[**] [1:528:5] BAD-TRAFFIC loopback traffic [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
10/11-16:23:35.134646 127.0.0.1:80 -> 10.14.236.136:1114
TCP TTL:128 TOS:0x0 ID:24162 IpLen:20 DgmLen:40
***A*R** Seq: 0x0  Ack: 0xF5B0001  Win: 0x0  TcpLen: 20
[Xref => http://rr.sans.org/firewall/egress.php]

I'm using Snort 2.2.0 on Gentoo 1.4.

Regards,

novan

