Re: Bad-Traffic message....

[James Lay <jlay () slave-tothe-box net>]

On Mon, 08 May 2006 11:16:25 -0500
Paul Schmehl <pauls () utdallas edu> wrote:

> Jeffery Gunter wrote:
> > I do not even have a piece of equipment with this address on my
> > network. I've tried Ping, Tracert and nothing comes back other than
> > seeing it go through my router to the internet but nothing after
> > that.
>
> It's a private address, so it's not going to route on the internet. 
> (The entire 10/8 is private.)  It may be an indication of a machine
> on your network that has been compromised or even one that has a bad
> NIC. You'll probably have to root around in your routers and switches
> to track down the origin of it, but it *should* be coming from
> something on your network, because your ISP should not be routing
> 10/8 traffic to you.

Heh....I'm going through that right now with my ISP at work...they are
routing EVERYTHING....even reserved traffic....I've seen popup spam
attempts from addresses like 1.1.1.1 and 0.0.90.5.

May want to verify that they aren't doing like mine is..

James


-------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users