RE: possible causes of source and destination ip fr om external network

["Truax, Shawn (MBS)" <Shawn.Truax () mbs gov on ca>]

Hi Annie,

Can you post some more info on the packet. You don't give much to go on.
Was it UDP, TCP, ICMP?  Are you on an exclusive ISP Link or do you share
bandwidth within the building?  What was the payload of the packet?  There
are various ways to spoof addresses, but if the destination IP was not an IP
on your network then you need to look at the context of the packet and how
many packets there were.

Shawn Truax
Security Specialist
Corporate Security
155 University Ave.
Toronto, Ontario
M5H 3B7
(416)327-1107


-----Original Message-----
From: Annie Green [mailto:annie_r_green () hotmail com]
Sent: June 20, 2004 8:05 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] possible causes of source and destination ip from
external network


Hi all

What would be the possible causes of the IDS alert that shows source ip and 
destination ip from external network? Also, why did the router route this 
packet in the first place?

Regards,
A.

_________________________________________________________________
Find gifts, buy online with MSN Shopping. http://shopping.msn.com.sg/



-------------------------------------------------------
This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference
Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer
Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA
REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users