Snort mailing list archives

Re: Bad-Traffic message....

From: hchlai () netscape net
Date: Mon, 08 May 2006 15:02:33 -0400

I have seen this coming from voice and video conferencing devices. Youmay need to contact the vendor to find out why the device is doing it,but most of the time, they are just harmless traffic of proprietaryprotocols which don't complying with RFC standards.


HinSuk


-----Original Message-----
From: Jeffery Gunter <jgunter () cbetn com>
To: snort-users () lists sourceforge net
Sent: Mon, 8 May 2006 11:33:01 -0400
Subject: [Snort-users] Bad-Traffic message....

Does anyone know how I can find out what this is and why? I'm getting
about 30 messages a day on it and I can't figure out where it's coming
from.

Jeffery Gunter | Chief Information Officer | Citizens Bank of East
Tennessee | http://www.cbetn.com
email: jgunter () cbetn com
Land: 423-272-2200 x17
Cell: 423-754-5157
Fax: 423-272-2322
-----Original Message-----
From: IDS [mailto:SNORT]
Sent: Monday, May 08, 2006 11:30 AM
To: Jeffery Gunter; 4237545157 () vtext com
Subject:
Importance: Low

IDS:S=snort:ID=1:[1:527:8] BAD-TRAFFIC same SRC/DST [Classification:
Potentially Bad Traffic] [Priority: 2]: {UDP} 10.51.215.100:1378 ->
10.51.215.100:3069
:IDS:S=snort:ID=1:[1:527:8] BAD-TRAFFIC same SRC/DST [Classification:
Potentially Bad Traffic] [Priority: 2]: {UDP} 10.51.215.100:1378 ->
10.51.215.100:3069
:IDS:S=snort:ID=1:[1:527:8] BAD-TRAFFIC same SRC/DST [Classification:
Potentially Bad Traffic] [Priority: 2]: {UDP} 10.51.215.100:1378 ->
10.51.215.100:3069
:

This e-mail was scanned for viruses.


-------------------------------------------------------

Using Tomcat but need to do more? Need to support web services,security?Get stuff done quickly with pre-integrated technology to make your jobeasierDownload IBM WebSphere Application Server v.1.0.1 based on ApacheGeronimo

http://sel.as-us.falkag.net/sel?cmd=lnk&kid0709&bid&3057&dat1642
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


___________________________________________________
Try the New Netscape Mail Today!
Virtually Spam-Free | More Storage | Import Your Contact List
http://mail.netscape.com



-------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Bad-Traffic message.... Jeffery Gunter (May 08)
- Re: Bad-Traffic message.... hchlai (May 08)
- <Possible follow-ups>
- RE: Bad-Traffic message.... Kretzer, Jason R (Big Sandy) (May 08)
- RE: Bad-Traffic message.... Jeffery Gunter (May 08)
  - Re: Bad-Traffic message.... Paul Schmehl (May 08)
    - Re: Bad-Traffic message.... James Lay (May 08)
    - Re: Bad-Traffic message.... Paul Schmehl (May 08)
  - FS: 2x Sourcefire Servers rack mount 2ghz SFP gigabit Original cost was $17,000 now $1400 each nwr (May 09)
  - Re: Bad-Traffic message.... Jason Brvenik (May 10)