Snort mailing list archives
Re: Bad-Traffic message....
From: Jason Brvenik <jason.brvenik () sourcefire com>
Date: Mon, 08 May 2006 11:55:53 -0400
Do you have the pcap output with the full packet? It is not uncommon for a device to be misconfigured and cause this... The pcap should produce a MAC address for you and from there you can start tracking at layer 2.

Jeffery Gunter wrote:
I do not even have a piece of equipment with this address on my network. I've tried Ping, Tracert and nothing comes back other than seeing it go through my router to the internet but nothing after that.

Jeffery Gunter | Chief Information Officer | Citizens Bank of East Tennessee | http://www.cbetn.com
email: jgunter () cbetn com
Land: 423-272-2200 x17 Cell: 423-754-5157 Fax: 423-272-2322

-----Original Message-----
From: Kretzer, Jason R (Big Sandy) [mailto:jason.kretzer () kctcs edu]
Sent: Monday, May 08, 2006 11:50 AM
To: Jeffery Gunter; snort-users () lists sourceforge net
Subject: RE: [Snort-users] Bad-Traffic message....

I get these as well. Mine come from a networked Dell printer that is communicating with itself. Strange, I know but it happens. Try entering the IP into a web browser and see if the printer interface comes up.

-Jason

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Jeffery Gunter
Sent: Monday, May 08, 2006 11:33 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Bad-Traffic message....
Importance: Low

Does anyone know how I can find out what this is and why? I'm getting about 30 messages a day on it and I can't figure out where it's coming from.
Jeffery Gunter | Chief Information Officer | Citizens Bank of East Tennessee | http://www.cbetn.com
email: jgunter () cbetn com
Land: 423-272-2200 x17 Cell: 423-754-5157 Fax: 423-272-2322

-----Original Message-----
From: IDS [mailto:SNORT]
Sent: Monday, May 08, 2006 11:30 AM
To: Jeffery Gunter; 4237545157 () vtext com
Subject:
Importance: Low

IDS:S=snort:ID=1:[1:527:8] BAD-TRAFFIC same SRC/DST [Classification: Potentially Bad Traffic] [Priority: 2]: {UDP} 10.51.215.100:1378 -> 10.51.215.100:3069 :
IDS:S=snort:ID=1:[1:527:8] BAD-TRAFFIC same SRC/DST [Classification: Potentially Bad Traffic] [Priority: 2]: {UDP} 10.51.215.100:1378 -> 10.51.215.100:3069 :
IDS:S=snort:ID=1:[1:527:8] BAD-TRAFFIC same SRC/DST [Classification: Potentially Bad Traffic] [Priority: 2]: {UDP} 10.51.215.100:1378 -> 10.51.215.100:3069 :

This e-mail was scanned for viruses.
--
Jason Brvenik - Sourcefire
PGP: 89C6 DE77 3B32 FC03 A5AE B5DD 11DF 4C8B 0D8E 3383
Key: http://cerberus.sourcefire.com/~jbrvenik/jason.brvenik.pgp.key

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
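
The layer-2 step suggested in the reply above, as an added example that is not part of the original thread: a standard-library Python parser for a classic pcap that reports the Ethernet source and destination MAC of every IPv4 frame whose source and destination IP are identical, the condition behind the `[1:527:8]` alert. The capture, both MAC addresses and the 10.51.215.7 -> 10.51.215.1 frame are constructed for illustration; only 10.51.215.100:1378 -> 10.51.215.100:3069 comes from the alert quoted in the thread.

```python
import struct

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def same_src_dst_frames(pcap):
    """Return (src_mac, dst_mac, ip, sport, dport) for every IPv4 frame in a
    classic pcap whose source and destination IP are identical."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet link type (1) is handled")
    hits, off = [], 24                       # 24-byte global header
    while off + 16 <= len(pcap):             # 16-byte per-record header
        caplen = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        # Skip truncated captures and non-IPv4 (802.1Q tags are not handled).
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        if frame[26:30] != frame[30:34]:     # IPv4 source vs destination
            continue
        sport = dport = None
        l4 = 14 + (frame[14] & 0x0F) * 4     # IP header length from IHL
        if frame[23] == 17 and len(frame) >= l4 + 4:    # protocol 17 = UDP
            sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
        hits.append((mac(frame[6:12]), mac(frame[0:6]),
                     ".".join(map(str, frame[26:30])), sport, dport))
    return hits

def build_sample():
    """Constructed capture: one ordinary UDP frame, one with SRC == DST."""
    def frame(smac, dmac, sip, dip, sport, dport):
        udp = struct.pack("!HHHH", sport, dport, 8, 0)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                         bytes(sip), bytes(dip))
        return bytes(dmac) + bytes(smac) + b"\x08\x00" + ip + udp
    host = [0x02, 0, 0, 0, 0, 0x64]          # made-up locally administered MACs
    gw = [0x02, 0, 0, 0, 0, 0x01]
    frames = [frame(host, gw, [10, 51, 215, 7], [10, 51, 215, 1], 5000, 53),
              frame(host, gw, [10, 51, 215, 100], [10, 51, 215, 100], 1378, 3069)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    print(same_src_dst_frames(build_sample()))
```

With a real capture, read the file as bytes and pass it to `same_src_dst_frames`; the reported source MAC can then be looked up in the switch's MAC address table to find the port the frame arrived on.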