IDS mailing list archives
Re: possible causes of source and destination ip from external network
From: Jose Nazario <jose () monkey org>
Date: Mon, 21 Jun 2004 21:46:02 -0400 (EDT)
On Sat, 19 Jun 2004, Annie Green wrote:
What would be the possible causes of the IDS alert that shows source ip and destination ip from external network? Also, why did the router route this packet in the first place?
- misconfiguration of the router or the sensor - you are providing transit you didn't know you were over hard, routed links - you have rogue network access points (ie APs) you didn't expect - spoofed addresses in the traffic an incomplete list, but you get the idea. ________ jose nazario, ph.d. jose () monkey org http://monkey.org/~jose/ http://infosecdaily.net/ --------------------------------------------------------------------------- ---------------------------------------------------------------------------
Current thread:
- possible causes of source and destination ip from external network Annie Green (Jun 21)
- Re: possible causes of source and destination ip from external network Jose Nazario (Jun 22)
- Re: possible causes of source and destination ip from external network Adam Powers (Jun 23)
- Re: possible causes of source and destination ip from external network Jose Nazario (Jun 24)
- Re: possible causes of source and destination ip from external network Adam Powers (Jun 23)
- Re: possible causes of source and destination ip from external network Adam Baldwin (Jun 22)
- Re: possible causes of source and destination ip from external network Mike Frantzen (Jun 22)
- Re: possible causes of source and destination ip from external network Tony Rall (Jun 22)
- Re: possible causes of source and destination ip from external network Tony Carter (Jun 24)
- Re: possible causes of source and destination ip from external network Stephen Samuel (Jun 29)
- <Possible follow-ups>
- RE: possible causes of source and destination ip from external network Tom Arseneault (Jun 22)
- Re: possible causes of source and destination ip from external network Jose Nazario (Jun 22)