Snort mailing list archives

IP recognition


From: Mayur Patil <ram.nath241089 () gmail com>
Date: Fri, 19 Jul 2013 14:48:35 +0530

Hello,

    I am unable to recognize the IP when I run snort in NIDS mode.

    *192.168.10.121:56333 -> 224.0.0.252:5355* UDP TTL:1 TOS:0x0 ID:18058
IpLen:20 DgmLen:50

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

    07/19-14:45:25.191751 00:22:19:06:B9:1C -> FF:FF:FF:FF:FF:FF type:0x800
len:0x5C
*    10.1.11.172:137 -> 10.1.11.255:137* UDP TTL:128 TOS:0x0 ID:15751
IpLen:20 DgmLen:78
    +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

    07/19-14:45:25.194146 B8:AC:6F:45:F8:23 -> FF:FF:FF:FF:FF:FF type:0x800
len:0xF3
*    10.1.47.230:138 -> 10.1.47.255:138* UDP TTL:128 TOS:0x0 ID:5740
IpLen:20 DgmLen:229

     My admin says it is from another IP range within the proxy; then why are
they bombarding my system unintentionally?

    How do I stop them from interacting with my system?

     Any hints!!

     Seeking guidance,

     Thanks!!

-- 
*Cheers,
Mayur*.