IDS mailing list archives

Re: possible causes of source and destination ip from external network

From: Jose Nazario <jose () monkey org>
Date: Mon, 21 Jun 2004 21:46:02 -0400 (EDT)

On Sat, 19 Jun 2004, Annie Green wrote:

What would be the possible causes of the IDS alert that shows source ip
and destination ip from external network? Also, why did the router route
this packet in the first place?


- misconfiguration of the router or the sensor
- you are providing transit you didn't know you were over hard, routed
  links
- you have rogue network access points (ie APs) you didn't expect
- spoofed addresses in the traffic

an incomplete list, but you get the idea.

________
jose nazario, ph.d.                     jose () monkey org
http://monkey.org/~jose/                http://infosecdaily.net/

---------------------------------------------------------------------------

---------------------------------------------------------------------------

Current thread:

possible causes of source and destination ip from external network Annie Green (Jun 21)
- Re: possible causes of source and destination ip from external network Jose Nazario (Jun 22)
  - Re: possible causes of source and destination ip from external network Adam Powers (Jun 23)
    - Re: possible causes of source and destination ip from external network Jose Nazario (Jun 24)
- Re: possible causes of source and destination ip from external network Adam Baldwin (Jun 22)
- Re: possible causes of source and destination ip from external network Mike Frantzen (Jun 22)
- Re: possible causes of source and destination ip from external network Tony Rall (Jun 22)
- Re: possible causes of source and destination ip from external network Tony Carter (Jun 24)
- Re: possible causes of source and destination ip from external network Stephen Samuel (Jun 29)
- <Possible follow-ups>
- RE: possible causes of source and destination ip from external network Tom Arseneault (Jun 22)