IDS mailing list archives

Re: possible causes of source and destination ip from external network


From: Adam Powers <apowers () lancope com>
Date: Tue, 22 Jun 2004 15:41:35 -0400

What were the source and destination addresses? In addition to the list
below, I would definitely add DHCP failure (169. addresses).




On 6/21/04 9:46 PM, "Jose Nazario" <jose () monkey org> wrote:

On Sat, 19 Jun 2004, Annie Green wrote:

What would be the possible causes of the IDS alert that shows source ip
and destination ip from external network? Also, why did the router route
this packet in the first place?

- misconfiguration of the router or the sensor
- you are providing transit you didn't know you were over hard, routed
  links
- you have rogue network access points (ie APs) you didn't expect
- spoofed addresses in the traffic

an incomplete list, but you get the idea.

________
jose nazario, ph.d.   jose () monkey org
http://monkey.org/~jose/   http://infosecdaily.net/


-- 

Adam  Powers
Senior Security Engineer
Advanced  Technology Group
c. 678.725.1028
o. 770.225.6521
f. 770.225.6501
e. apowers () lancope com
AOL IM:  adampowers22

StealthWatch by Lancope - Security  through network intelligence
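
A triage sketch for the alert discussed in this thread, added as an example and not written by any of the posters: it flags alerts where neither address belongs to the sensor's home networks and suggests which of the causes listed above to check first. HOME_NETS, the sample alerts, the function names and the mapping from address type to likely cause are all assumptions made for illustration; 169.254.0.0/16 is the IPv4 link-local range a host assigns itself when it gets no DHCP lease.

```python
import ipaddress

# Assumption: networks the sensor is configured to treat as internal (constructed values).
HOME_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "10.10.0.0/16")]
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")  # self-assigned when no DHCP lease is obtained

# Assumed mapping from address type to the cause worth checking first (a heuristic, not proof).
HINTS = {
    "link-local": "DHCP failure on a local host",
    "bogon": "spoofed addresses in the traffic",
    "private": "router/sensor misconfiguration or rogue access point",
    "public": "unexpected transit or spoofed addresses",
}

def kind(addr):
    """Classify one address relative to the sensor's view of the network."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in HOME_NETS):
        return "home"
    if ip in LINK_LOCAL:
        return "link-local"
    if ip.is_loopback or ip.is_multicast or ip.is_reserved or ip.is_unspecified:
        return "bogon"
    if any(ip in net for net in RFC1918):
        return "private"
    return "public"

def triage(src, dst):
    """Return (category, hint) when neither end is in HOME_NETS, else None."""
    kinds = {kind(src), kind(dst)}
    if "home" in kinds:
        return None  # ordinary alert: one end is internal
    # Most specific explanation wins when the two ends differ.
    for category in ("link-local", "bogon", "private", "public"):
        if category in kinds:
            return category, HINTS[category]

# Constructed sample alerts as (src, dst) pairs; not taken from the thread.
SAMPLE_ALERTS = [
    ("198.51.100.7", "192.0.2.10"),   # external to internal: not the case discussed
    ("169.254.12.5", "203.0.113.9"),
    ("192.168.1.23", "198.51.100.7"),
    ("198.51.100.7", "203.0.113.9"),
    ("127.0.0.1", "203.0.113.9"),
]

if __name__ == "__main__":
    for src, dst in SAMPLE_ALERTS:
        print(f"{src} -> {dst}: {triage(src, dst)}")
```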


