Snort mailing list archives
RE: Bad-Traffic message....
From: "Jeffery Gunter" <jgunter () cbetn com>
Date: Mon, 8 May 2006 11:52:12 -0400
I do not even have a piece of equipment with this address on my network. I've tried Ping, Tracert and nothing comes back other than seeing it go through my router to the internet but nothing after that. Jeffery Gunter | Chief Information Officer | Citizens Bank of East Tennessee | http://www.cbetn.com email: jgunter () cbetn com Land: 423-272-2200 x17 Cell: 423-754-5157 Fax: 423-272-2322 -----Original Message----- From: Kretzer, Jason R (Big Sandy) [mailto:jason.kretzer () kctcs edu] Sent: Monday, May 08, 2006 11:50 AM To: Jeffery Gunter; snort-users () lists sourceforge net Subject: RE: [Snort-users] Bad-Traffic message.... I get these as well. Mine come from a networked Dell printer that is communicating with itself. Strange, I know but it happens. Try entering the IP into a web browser and see if the printer interface comes up. -Jason
-----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Jeffery Gunter Sent: Monday, May 08, 2006 11:33 AM To: snort-users () lists sourceforge net Subject: [Snort-users] Bad-Traffic message.... Importance: Low Does anyone know how I can find out what this is and why? I'm getting about 30 messages a day on it and I can't figure out where it's coming from. Jeffery Gunter | Chief Information Officer | Citizens Bank of East Tennessee | http://www.cbetn.com email: jgunter () cbetn com Land: 423-272-2200 x17 Cell: 423-754-5157 Fax: 423-272-2322 -----Original Message----- From: IDS [mailto:SNORT] Sent: Monday, May 08, 2006 11:30 AM To: Jeffery Gunter; 4237545157 () vtext com Subject: Importance: Low IDS:S=snort:ID=1:[1:527:8] BAD-TRAFFIC same SRC/DST [Classification: Potentially Bad Traffic] [Priority: 2]: {UDP} 10.51.215.100:1378 -> 10.51.215.100:3069 :IDS:S=snort:ID=1:[1:527:8] BAD-TRAFFIC same SRC/DST [Classification: Potentially Bad Traffic] [Priority: 2]: {UDP} 10.51.215.100:1378 -> 10.51.215.100:3069 :IDS:S=snort:ID=1:[1:527:8] BAD-TRAFFIC same SRC/DST [Classification: Potentially Bad Traffic] [Priority: 2]: {UDP} 10.51.215.100:1378 -> 10.51.215.100:3069 : This e-mail was scanned for viruses. ------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=k&kid0709&bid&3057&dat1642 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=ort-users
This e-mail was scanned for viruses. This e-mail was scanned for viruses. ------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid0709&bid&3057&dat1642 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Bad-Traffic message.... Jeffery Gunter (May 08)
- Re: Bad-Traffic message.... hchlai (May 08)
- <Possible follow-ups>
- RE: Bad-Traffic message.... Kretzer, Jason R (Big Sandy) (May 08)
- RE: Bad-Traffic message.... Jeffery Gunter (May 08)
- Re: Bad-Traffic message.... Paul Schmehl (May 08)
- Re: Bad-Traffic message.... James Lay (May 08)
- Re: Bad-Traffic message.... Paul Schmehl (May 08)
- Re: Bad-Traffic message.... Paul Schmehl (May 08)
- FS: 2x Sourcefire Servers rack mount 2ghz SFP gigabit Original cost was $17,000 now $1400 each nwr (May 09)
- Re: Bad-Traffic message.... Jason Brvenik (May 10)