Snort mailing list archives

Re: Bad-Traffic message....


From: Jason Brvenik <jason.brvenik () sourcefire com>
Date: Mon, 08 May 2006 11:55:53 -0400

Do you have the pcap output with the full packet? It is not uncommon for
a device to be misconfigured and cause this... The pcap should produce a
MAC address for you and from there you can start tracking at layer 2.

Jeffery Gunter wrote:
I do not even have a piece of equipment with this address on my network.
I've tried Ping, Tracert and nothing comes back other than seeing it go
through my router to the internet but nothing after that.

Jeffery Gunter  |  Chief Information Officer  |  Citizens Bank of East
Tennessee  |  http://www.cbetn.com
email:  jgunter () cbetn com
Land:  423-272-2200  x17
Cell:  423-754-5157
Fax:  423-272-2322

-----Original Message-----
From: Kretzer, Jason R (Big Sandy) [mailto:jason.kretzer () kctcs edu] 
Sent: Monday, May 08, 2006 11:50 AM
To: Jeffery Gunter; snort-users () lists sourceforge net
Subject: RE: [Snort-users] Bad-Traffic message....

I get these as well.  Mine come from a networked Dell printer that is
communicating with itself.  Strange, I know but it happens.  Try
entering the IP into a web browser and see if the printer interface
comes up.

-Jason
 


-----Original Message-----
From: snort-users-admin () lists sourceforge net 
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of 
Jeffery Gunter
Sent: Monday, May 08, 2006 11:33 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Bad-Traffic message....
Importance: Low

Does anyone know how I can find out what this is and why?  I'm getting
about 30 messages a day on it and I can't figure out where it's coming
from.

Jeffery Gunter  |  Chief Information Officer  |  Citizens Bank of East
Tennessee  |  http://www.cbetn.com
email:  jgunter () cbetn com
Land:  423-272-2200  x17
Cell:  423-754-5157
Fax:  423-272-2322

-----Original Message-----
From: IDS [mailto:SNORT] 
Sent: Monday, May 08, 2006 11:30 AM
To: Jeffery Gunter; 4237545157 () vtext com
Subject: 
Importance: Low

IDS:S=snort:ID=1:[1:527:8] BAD-TRAFFIC same SRC/DST [Classification:
Potentially Bad Traffic] [Priority: 2]: {UDP} 10.51.215.100:1378 ->
10.51.215.100:3069 
:IDS:S=snort:ID=1:[1:527:8] BAD-TRAFFIC same SRC/DST [Classification:
Potentially Bad Traffic] [Priority: 2]: {UDP} 10.51.215.100:1378 ->
10.51.215.100:3069 
:IDS:S=snort:ID=1:[1:527:8] BAD-TRAFFIC same SRC/DST [Classification:
Potentially Bad Traffic] [Priority: 2]: {UDP} 10.51.215.100:1378 ->
10.51.215.100:3069 
:

This e-mail was scanned for viruses.


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



-- 
Jason Brvenik - Sourcefire
PGP: 89C6 DE77 3B32 FC03 A5AE B5DD 11DF 4C8B 0D8E 3383
Key: http://cerberus.sourcefire.com/~jbrvenik/jason.brvenik.pgp.key
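
The layer-2 tracking suggested in the reply above, as an added example that is not part of the original thread: a standard-library Python reader for a classic (microsecond) Ethernet pcap that lists the source MAC of every IPv4 frame whose source and destination IP match, which is the condition the alert reports. The IP address is the one from the alert; the MAC addresses, the second frame pair and the helper names are constructed for illustration.

```python
import collections, io, struct

def same_src_dst_macs(pcap_bytes):
    """Map (ip, source MAC) -> frame count for IPv4 frames with src IP == dst IP."""
    f = io.BytesIO(pcap_bytes)
    hdr = f.read(24)
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(hdr[:4])
    if endian is None or len(hdr) < 24:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", hdr[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet, no MAC to read")
    hits = collections.Counter()
    while True:
        rec = f.read(16)                      # per-packet record header
        if len(rec) < 16:
            break
        caplen = struct.unpack(endian + "IIII", rec)[2]
        frame = f.read(caplen)
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                          # truncated, non-IPv4 or VLAN-tagged
        src_ip, dst_ip = frame[26:30], frame[30:34]
        if src_ip == dst_ip:
            mac = ":".join(f"{b:02x}" for b in frame[6:12])
            hits[(".".join(map(str, src_ip)), mac)] += 1
    return dict(hits)

def _frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport):
    """Build a minimal Ethernet/IPv4/UDP frame (checksums left at zero)."""
    udp = struct.pack("!HHHH", sport, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     bytes(src_ip), bytes(dst_ip))
    return bytes.fromhex(dst_mac) + bytes.fromhex(src_mac) + b"\x08\x00" + ip + udp

def sample_pcap():
    """Constructed capture: two self-addressed frames and one normal frame."""
    odd = _frame("020000aabbcc", "020000000001",
                 (10, 51, 215, 100), (10, 51, 215, 100), 1378, 3069)
    normal = _frame("020000000007", "020000000001",
                    (10, 51, 215, 7), (10, 51, 215, 9), 5000, 53)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for fr in (odd, normal, odd):
        out += struct.pack("<IIII", 0, 0, len(fr), len(fr)) + fr
    return out

if __name__ == "__main__":
    for (ip, mac), n in same_src_dst_macs(sample_pcap()).items():
        print(f"{ip} sent {n} self-addressed frame(s) from MAC {mac}")
```

The MAC it reports can then be looked up in the switch's MAC address table to find the physical port, even when the IP answers no ping.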

