Snort mailing list archives
Strange Loopback Traffic
From: "Chad Gross - Loretel" <cgross () loretel net>
Date: Tue, 7 Oct 2003 21:57:26 -0500
I have a single snort host with dual nics, one monitoring internal traffic, one monitoring external traffic (setup in stealth mode). I consistently see this traffic: BAD-TRAFFIC loopback traffic 127.0.0.1:80 W.X.Y.Z:1969 BAD-TRAFFIC loopback traffic 127.0.0.1:80 W.X.Y.Z:1369 BAD-TRAFFIC loopback traffic 127.0.0.1:80 W.X.Y.Z:1177 . . . W.X.Y.Z is the external address of the firewall, which has anti-spoofing enabled. Sometimes the dest IP is from another IP on the subnet, but more often it is the ext firewall IP. Any ideas? Chad
Current thread:
- Strange Loopback Traffic Chad Gross - Loretel (Oct 07)
- Re: Strange Loopback Traffic Frank Knobbe (Oct 07)
- Re[2]: Strange Loopback Traffic Jyri Hovila (Oct 08)
- Re: Re[2]: Strange Loopback Traffic Frank Knobbe (Oct 10)
- SnortCenter Sensor failed to start samwun (Oct 18)
- Re[2]: Strange Loopback Traffic Jyri Hovila (Oct 08)
- <Possible follow-ups>
- Strange Loopback traffic Scott Weller (Oct 10)
- Re: Strange Loopback Traffic Frank Knobbe (Oct 07)