Snort mailing list archives

Suspected DoS: BAD TRAFFIC loopback traffic


From: Bosse Klykken <bosse () klykken com>
Date: Tue, 18 Nov 2003 16:37:08 +0100

Hi, I just wanted to get confirmation from you guys on this: does this
seem to be a DoS attack against my ISP? The destination IP spans
randomly throughout my public IP range, but does not occur more often
than every few minutes.

When I first got this alert, I thought it might be some crazy
misconfigured webserver responding to a request in a weird way, but
after monitoring this for a while, I see that it has no fixed
destination address, and that it goes on and on in off-peak hours as
well. There have been several thousand cases of this kind of bad
traffic the last days.

------------------------------------------------------------------------------
#(2 - 4126) [2003-11-18 06:25:29]  BAD TRAFFIC loopback traffic
IPv4: 127.0.0.1 -> 194.143.xx.xx
      hlen=5 TOS=0 dlen=40 ID=51371 flags=0 offset=0 TTL=118 chksum=10312
TCP:  port=80 -> dport: 1495  flags=***A*R** seq=0
      ack=423952385 off=5 res=0 win=0 urp=0 chksum=15495
Payload: none
------------------------------------------------------------------------------

Thanks for your help,
.../Bosse
-- 
Bosse Klykken - http://www.klykken.com/~bosse - PGP: 0x570ABB4E
Act like nothing's wrong
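
A triage helper for the question above, added here as an example and not part of the original post: it parses alert records in the layout quoted in the message and profiles the loopback-sourced ones by destination spread, hour of day, source port, TTL and TCP flags. The sample records, their documentation-range destination addresses, and the names `parse_alerts` and `summarize` are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed records in the layout of the alert quoted above (trimmed to the
# lines the parser reads); destinations are documentation-range placeholders.
SAMPLE = """\
#(2 - 4126) [2003-11-18 06:25:29]  BAD TRAFFIC loopback traffic
IPv4: 127.0.0.1 -> 192.0.2.17
      hlen=5 TOS=0 dlen=40 ID=51371 flags=0 offset=0 TTL=118 chksum=10312
TCP:  port=80 -> dport: 1495  flags=***A*R** seq=0
#(2 - 4127) [2003-11-18 06:29:41]  BAD TRAFFIC loopback traffic
IPv4: 127.0.0.1 -> 192.0.2.203
      hlen=5 TOS=0 dlen=40 ID=51902 flags=0 offset=0 TTL=118 chksum=9595
TCP:  port=80 -> dport: 1120  flags=***A*R** seq=0
#(2 - 4130) [2003-11-18 14:02:10]  BAD TRAFFIC loopback traffic
IPv4: 127.0.0.1 -> 192.0.2.88
      hlen=5 TOS=0 dlen=40 ID=2231 flags=0 offset=0 TTL=117 chksum=59381
TCP:  port=80 -> dport: 1873  flags=***A*R** seq=0
"""

REC = re.compile(
    r"\[(?P<ts>[\d-]+ [\d:]+)\]\s+(?P<sig>[^\n]+)\n"
    r"IPv4: (?P<src>\S+) -> (?P<dst>\S+)\n"
    r".*?TTL=(?P<ttl>\d+).*\n"
    r"TCP:\s+port=(?P<sport>\d+) -> dport: (?P<dport>\d+)\s+flags=(?P<flags>\S+)")

def parse_alerts(text):
    """One dict per alert record; 'ts' becomes a datetime."""
    alerts = [m.groupdict() for m in REC.finditer(text)]
    for a in alerts:
        a["ts"] = datetime.strptime(a["ts"], "%Y-%m-%d %H:%M:%S")
    return alerts

def summarize(alerts):
    """Profile alerts with a 127.0.0.0/8 source: spread, timing, TCP shape."""
    lo = [a for a in alerts if a["src"].startswith("127.")]
    return {
        "loopback_alerts": len(lo),
        "distinct_dsts": len({a["dst"] for a in lo}),
        "by_hour": dict(Counter(a["ts"].hour for a in lo)),
        "src_ports": sorted({int(a["sport"]) for a in lo}),
        "ttls": sorted({int(a["ttl"]) for a in lo}),
        "all_rst": all("R" in a["flags"] for a in lo),
    }

if __name__ == "__main__":
    print(summarize(parse_alerts(SAMPLE)))
```

Destination addresses are kept as strings, so records with masked octets such as the one quoted in the message still parse.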

