Snort mailing list archives
Re: Loopback problem
From: Frank Knobbe <frank () knobbe us>
Date: Wed, 13 Oct 2004 16:40:22 -0500
On Mon, 2004-10-11 at 10:01, Novan wrote:
I have some problem with snort and loopback interface why snort always logging that my loopback interface make some connection to all private subnet in my campus know i'm olny remove the bad trafic rules to reduce the log file it's the problem with my snort or with my box ? this is the sample of my alert [**] [1:528:5] BAD-TRAFFIC loopback traffic [**] [Classification: Potentially Bad Traffic] [Priority: 2] 10/11-16:23:35.072106 127.0.0.1:80 -> 10.14.30.149:1783 TCP TTL:128 TOS:0x0 ID:24160 IpLen:20 DgmLen:40 ***A*R** Seq: 0x0 Ack: 0x25010001 Win: 0x0 TcpLen: 20 [Xref => http://rr.sans.org/firewall/egress.php]
The answer to this question is easily found all over the web and in the Snort-Users archive. It gets asked every couple of month either here or in other lists like Dshield or Incidents. I've decided to stop responding and instead referring to archived versions. There answer is here: http://archives.neohapsis.com/archives/snort/2004-05/0337.html Regards. Frank
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- ACID and 2005 Michael Schwartzkopff (Oct 10)
- Re: ACID and 2005 Jose Maria Lopez (Oct 10)
- Re: ACID and 2005 Kevin Johnson (Oct 10)
- Re: ACID and 2005 Alex Butcher, ISC/ISYS (Oct 11)
- Loopback problem Novan (Oct 13)
- Re: Loopback problem Frank Knobbe (Oct 13)
- Loopback problem Novan (Oct 13)