Snort mailing list archives

RE: Loopback traffic


From: "Chuck Holley" <cholley () fitnessquest com>
Date: Fri, 23 Apr 2004 17:16:26 -0400

I certainly don't know :( where the packets are being generated.  I traced
back to my router the ARP table as well, and really what else can I do at
this point?  We are going to call our ISP, and we are going to investigate
adding something for 127.0.0.1 into our router's access list.  Has anyone
ever done that? 

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Rodrigo B.
Ramos
Sent: Friday, April 23, 2004 5:05 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Loopback traffic

Hi log watchers!!!

The big question now is "What is generating these packets?".

Following what we are seeing in the messages, I asked my Snorts to
get layer 2 information (-e) and at the end I checked the ARP table, so
I discovered that the "BAD-TRAFFIC loopback traffic" is coming from 
some routers' interfaces, and by the TTL values I could see that it comes
from someone near.

So, does anybody know what is generating these packets?



Best regards,
-- 
Rodrigo Buarque Ramos
GPG KEY ID: 0x71CFE098 --> http://pgp.mit.edu
Key fingerprint = F381 366D D233 22B4 7E72  A21D DE9B 2FF3 71CF E098
55 81 88513524
55 81 3463.1593
http://www.triforsec.com.br
http://www.defenselayer.com
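
The triage described in this thread (log layer 2 headers with -e, then compare source MACs and TTLs), as an added example that is not part of either post. The two-line packet layout is assumed to match what Snort prints with -e; the sample packets, MAC addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the assumed two-line "-e" layout: Ethernet header line,
# then IP header line. All MACs, addresses and TTLs are made up.
SAMPLE = """\
04/23-17:01:10.100000 0:10:7B:AA:BB:1 -> 0:50:56:11:22:33 type:0x800 len:0x3C
127.0.0.1:80 -> 192.0.2.10:1047 TCP TTL:126 TOS:0x0 ID:4660 IpLen:20 DgmLen:40
04/23-17:01:12.200000 0:10:7B:AA:BB:1 -> 0:50:56:11:22:33 type:0x800 len:0x3C
127.0.0.1:80 -> 192.0.2.10:1932 TCP TTL:126 TOS:0x0 ID:4661 IpLen:20 DgmLen:40
04/23-17:02:40.300000 0:D0:58:CC:DD:2 -> 0:50:56:11:22:33 type:0x800 len:0x3C
127.0.0.1:80 -> 192.0.2.11:1205 TCP TTL:121 TOS:0x0 ID:9001 IpLen:20 DgmLen:40
04/23-17:03:00.400000 0:D0:58:CC:DD:2 -> 0:50:56:11:22:33 type:0x800 len:0x3C
198.51.100.7:4431 -> 192.0.2.11:25 TCP TTL:52 TOS:0x0 ID:77 IpLen:20 DgmLen:60
"""

ETH = re.compile(r"^\S+\s+([0-9A-Fa-f:]+) -> ([0-9A-Fa-f:]+) type:0x800")
IP = re.compile(r"^(\d+\.\d+\.\d+\.\d+)(?::\d+)? -> \S+ \w+ TTL:(\d+)")

def hops_from_ttl(ttl):
    """Hops travelled, assuming the sender started at a common default
    (64, 128 or 255). The sender picks the TTL, so this is a hint only."""
    initial = next(d for d in (64, 128, 255) if ttl <= d)
    return initial - ttl

def loopback_by_mac(text):
    """Map source MAC -> sorted hop estimates for packets with a 127/8 source."""
    result = defaultdict(set)
    mac = None
    for line in text.splitlines():
        eth = ETH.match(line)
        if eth:
            mac = eth.group(1).upper()   # MAC of the last hop that forwarded it
            continue
        ip = IP.match(line)
        if ip and mac and ip.group(1).startswith("127."):
            result[mac].add(hops_from_ttl(int(ip.group(2))))
        mac = None                       # each IP line belongs to one header line
    return {m: sorted(h) for m, h in result.items()}

if __name__ == "__main__":
    for mac, hops in loopback_by_mac(SAMPLE).items():
        print(mac, "hop estimates:", hops)
```

The source MAC only identifies the last device that forwarded the packet onto the monitored segment, which is why both posters end up at a router interface in the ARP table.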





