Snort mailing list archives
Suspected DoS: BAD TRAFFIC loopback traffic
From: Bosse Klykken <bosse () klykken com>
Date: Tue, 18 Nov 2003 16:37:08 +0100
Hi, I just wanted to get confirmation from you guys on this, does this seem to be a DoS attack against my ISP? The destination IP spans randomly throughout my public IP range, but does not occur more often than every few minutes. When I first got this alert, I thought it might be some crazy misconfigured webserver responding to a request in a weird way, but after monitoring this for a while, I see that it has no fixed destination address, and that it goes on and on in off-peak hours as well. There has been several thousand cases of this kind of bad traffic the last days. ------------------------------------------------------------------------------ #(2 - 4126) [2003-11-18 06:25:29] BAD TRAFFIC loopback traffic IPv4: 127.0.0.1 -> 194.143.xx.xx hlen=5 TOS=0 dlen=40 ID=51371 flags=0 offset=0 TTL=118 chksum=10312 TCP: port=80 -> dport: 1495 flags=***A*R** seq=0 ack=423952385 off=5 res=0 win=0 urp=0 chksum=15495 Payload: none ------------------------------------------------------------------------------ Thanks for your help, .../Bosse -- Bosse Klykken - http://www.klykken.com/~bosse - PGP: 0x570ABB4E Act like nothing's wrong ------------------------------------------------------- This SF. Net email is sponsored by: GoToMyPC GoToMyPC is the fast, easy and secure way to access your computer from any Web browser or wireless device. Click here to Try it Free! https://www.gotomypc.com/tr/OSDN/AW/Q4_2003/t/g22lp?Target=mm/g22lp.tmpl _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Suspected DoS: BAD TRAFFIC loopback traffic Bosse Klykken (Nov 18)