Snort mailing list archives
RE: possible causes of source and destination ip fr om external network
From: "Truax, Shawn (MBS)" <Shawn.Truax () mbs gov on ca>
Date: Mon, 21 Jun 2004 09:48:26 -0400
Hi Annie, Can you post some more info on the packet. You don't give much to go on. Was it UDP, TCP, ICMP? Are you on an exclusive ISP Link or do you share bandwidth within the building? What was the payload of the packet? There are various ways to spoof addresses, but if the destination IP was not an IP on your network then you need to look at the context of the packet and how many packets there were. Shawn Truax Security Specialist Corporate Security 155 University Ave. Toronto, Ontario M5H 3B7 (416)327-1107 -----Original Message----- From: Annie Green [mailto:annie_r_green () hotmail com] Sent: June 20, 2004 8:05 AM To: snort-users () lists sourceforge net Subject: [Snort-users] possible causes of source and destination ip from external network Hi all What would be the possible causes of the IDS alert that shows source ip and destination ip from external network? Also, why did the router route this packet in the first place? Regards, A. _________________________________________________________________ Find gifts, buy online with MSN Shopping. http://shopping.msn.com.sg/ ------------------------------------------------------- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: possible causes of source and destination ip fr om external network Truax, Shawn (MBS) (Jun 21)