Security Basics: IP 127.0.0.1

IP 127.0.0.1

From: Javier Otero De Alba <jotero_at_smartekh.com>
Date: Mon, 28 Mar 2005 17:40:45 -0600

I have the following problem:

We have found packets in our network with source address 127.0.0.1 in any part of our WAN.
We are interested in finding the possible cause.
The antivirus does not detect anything; the IPS log shows the following (in Excel format):

Name Value

Name: Src127
Direction: Inbound
Destination Port: 1919
Domain: /My Company
Result Status: Suspicious
Attack Name: IP: Packet has Invalid Address Source/Destination Address
Benign Trigger Probability: Low
comments
Exploit ID: 1
State: Unacknowledged
Subcategory: protocol-violation
Source IP: 127.0.0.1
Detection Mechanism: protocol-anomaly
Sensor ID: netsensor1
Alert ID 4.76E+18
Application Protocol: - - - -
Source Port: 80
Destination IP: 10.1.10.3
Category: Exploit
Severity: Imformational
Network Protocol: tcp
Time: 2005-02-23 18:03:53.000 CST
Interface: Red_10.1.10.0

Name Value

Name: Signature-1109274364921
Direction: Inbound
Destination Port: 1975
Domain: /My Company
Result Status: Blocked
Attack Name: UDS-127.0.0.1
Benign Trigger Probability: High
comments
Exploit ID: 1
State: Unacknowledged
Subcategory: - - - -
Source IP: 127.0.0.1
Detection Mechanism: - - - -
Sensor ID: netsensor1
Alert ID 4.75875E+18
Application Protocol: - - - -
Source Port: 80
Destination IP: 10.1.3.210
Category: - - - -
Severity: High
Network Protocol: tcp
Time: 2005-02-24 20:29:25.000 CST
Interface: 3A-3B

Name Value

Name: Src127
Direction: Inbound
Destination Port: 1111
Domain: /My Company
Result Status: Suspicious
Attack Name: IP: Packet has Invalid Address Source/Destination Address
Benign Trigger Probability: Low
comments
Exploit ID: 1
State: Unacknowledged
Subcategory: protocol-violation
Source IP: 127.0.0.1
Detection Mechanism: protocol-anomaly
Sensor ID: netsensor1
Alert ID 4.75875E+18
Application Protocol: - - - -
Source Port: 80
Destination IP: 10.1.5.44
Category: Exploit
Severity: Imformational
Network Protocol: tcp
Time: 2005-02-23 18:03:41.000 CST
Interface: Red_10.1.5.0

Thanks in advance.

Ing. Fco. Javier Otero De Alba
Diplomado en Seguridad Informática ITESM CEM
JNSA-S, JNSS-S
ITStrap
Product Manager
Juniper Secure Access SSL
5243-4782 al 84 Ext.300
México, D.F.
Received on Mar 29 2005
