Snort mailing list archives
Re: Bad-Traffic message....
From: Paul Schmehl <pauls () utdallas edu>
Date: Mon, 08 May 2006 11:16:25 -0500
Jeffery Gunter wrote:
I do not even have a piece of equipment with this address on my network. I've tried Ping, Tracert and nothing comes back other than seeing it go through my router to the internet but nothing after that.
It's a private address, so it's not going to route on the internet. (The entire 10/8 is private.) It may be an indication of a machine on your network that has been compromised or even one that has a bad NIC. You'll probably have to root around in your routers and switches to track down the origin of it, but it *should* be coming from something on your network, because your ISP should not be routing 10/8 traffic to you.
-- Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas http://www.utdallas.edu/ir/security/
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
Current thread:
- Bad-Traffic message.... Jeffery Gunter (May 08)
- Re: Bad-Traffic message.... hchlai (May 08)
- <Possible follow-ups>
- RE: Bad-Traffic message.... Kretzer, Jason R (Big Sandy) (May 08)
- RE: Bad-Traffic message.... Jeffery Gunter (May 08)
- Re: Bad-Traffic message.... Paul Schmehl (May 08)
- Re: Bad-Traffic message.... James Lay (May 08)
- Re: Bad-Traffic message.... Paul Schmehl (May 08)
- Re: Bad-Traffic message.... Paul Schmehl (May 08)
- FS: 2x Sourcefire Servers rack mount 2ghz SFP gigabit Original cost was $17,000 now $1400 each nwr (May 09)
- Re: Bad-Traffic message.... Jason Brvenik (May 10)