Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

IP 127.0.0.1

From: "Javier Otero De Alba" <jotero () smartekh com>
Date: Mon, 28 Mar 2005 17:40:45 -0600
I have next problem:

We have found pakages in our net with source address 127.0.0.1 in any part of our wan.
We are interested in find the possible cause.
Tha antivirus does not detect any thing, IPS log shows next (in excel format):

Name    Value

Name:   Src127
Direction:      Inbound
Destination Port:       1919
Domain: /My Company
Result Status:  Suspicious
Attack Name:    IP: Packet has Invalid Address Source/Destination Address
Benign Trigger Probability:     Low
comments        
Exploit ID:     1
State:  Unacknowledged
Subcategory:    protocol-violation
Source IP:      127.0.0.1
Detection Mechanism:    protocol-anomaly
Sensor ID:      netsensor1
Alert ID        4.76E+18
Application Protocol:   - - - -
Source Port:    80
Destination IP: 10.1.10.3
Category:       Exploit
Severity:       Imformational
Network Protocol:       tcp
Time:   2005-02-23 18:03:53.000 CST
Interface:      Red_10.1.10.0

Name    Value

Name:   Signature-1109274364921
Direction:      Inbound
Destination Port:       1975
Domain: /My Company
Result Status:  Blocked
Attack Name:    UDS-127.0.0.1
Benign Trigger Probability:     High
comments        
Exploit ID:     1
State:  Unacknowledged
Subcategory:    - - - -
Source IP:      127.0.0.1
Detection Mechanism:    - - - -
Sensor ID:      netsensor1
Alert ID        4.75875E+18
Application Protocol:   - - - -
Source Port:    80
Destination IP: 10.1.3.210
Category:       - - - -
Severity:       High
Network Protocol:       tcp
Time:   2005-02-24 20:29:25.000 CST
Interface:      3A-3B

Name    Value

Name:   Src127
Direction:      Inbound
Destination Port:       1111
Domain: /My Company
Result Status:  Suspicious
Attack Name:    IP: Packet has Invalid Address Source/Destination Address
Benign Trigger Probability:     Low
comments        
Exploit ID:     1
State:  Unacknowledged
Subcategory:    protocol-violation
Source IP:      127.0.0.1
Detection Mechanism:    protocol-anomaly
Sensor ID:      netsensor1
Alert ID        4.75875E+18
Application Protocol:   - - - -
Source Port:    80
Destination IP: 10.1.5.44
Category:       Exploit
Severity:       Imformational
Network Protocol:       tcp
Time:   2005-02-23 18:03:41.000 CST
Interface:      Red_10.1.5.0

Thanks in advance.


Ing. Fco. Javier Otero De Alba
Diplomado en Seguridad Informática ITESM CEM 
JNSA-S, JNSS-S
ITStrap
Product Manager 
Juniper Secure Access SSL
5243-4782 al 84 Ext.300
México, D.F.
Previous By Date Next
Previous By Thread Next

Current thread: