Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: 127.0.0.1

From: Edin Dizdarevic <edin.dizdarevic () interActive-Systems de>
Date: Thu, 01 Apr 2004 11:04:29 +0200
Hi Snort Man!

First of all, read the old postings about this, since there are many.
(This had to be said, sorry...)

Second:
You have provided far too less information:
- Your OS
- Your configuration vars
- Your command line
- Your network environment

Third:
This could be a combination of two configuration errors you possibly may
have done:

1. You have defined your HOME_NET and EXTERNAL_NET to "any"
2. You're running snort with "-i any" (on Linux)

Connecting to your local webserver may under these circumstances trigger
those alerts. Check that. Also remember: Both things are tendentially
bad workarounds, try to avoid them.

Fourth:
You're getting some spoofed packets from the "outside". Check your
packet filters and keep an eye on it. Nothing unusual nowadays.

Fifth:
For the loopback stuff check R.W. Stevens.

Regards,
Edin


Snort Man schrieb:
Dear All I am new to this snort thing. I installed snort and 70% of the traffice is as follows.. loopback address port 80 is sending requests to internal and external addresses. can anybody please explaing what is this ?? 

--
Edin Dizdarevic


-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: