Snort mailing list archives
same SRC/DST
From: "James" <the_saint_james () yahoo com>
Date: Mon, 24 Dec 2001 23:53:00 -0700
12/24-13:38:42.005838 [**] [1:527:2] BAD TRAFFIC same SRC/DST [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 3.0.0.2:1452 -> 3.0.0.2:5103 12/24-13:38:45.105850 [**] [1:527:2] BAD TRAFFIC same SRC/DST [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 3.0.0.2:1452 -> 3.0.0.2:5103 12/24-13:38:50.995873 [**] [1:527:2] BAD TRAFFIC same SRC/DST [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 3.0.0.2:1452 -> 3.0.0.2:5103 12/24-13:39:05.195928 [**] [1:527:2] BAD TRAFFIC same SRC/DST [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 3.0.0.2:1452 -> 3.0.0.2:5103 12/24-13:39:27.496015 [**] [1:527:2] BAD TRAFFIC same SRC/DST [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 3.0.0.2:1454 -> 3.0.0.2:5103 12/24-13:39:30.496026 [**] [1:527:2] BAD TRAFFIC same SRC/DST [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 3.0.0.2:1454 -> 3.0.0.2:5103 I am sniffing the Ethernet interface of our DS3 gateway, so it either went in or out. This network, 3.0.0.0 (General Electric Company) is not part of our address space. Can anyone give me more info other than saying it is spoofing ? Sorry, no full headers. james _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- SNORT DROPPING PACKETS Bartholomew Simpson (Dec 22)
- <Possible follow-ups>
- RE: SNORT DROPPING PACKETS Crow, Owen (Dec 22)
- RE: SNORT DROPPING PACKETS Greg Herlein (Dec 23)
- RE: SNORT DROPPING PACKETS Crow, Owen (Dec 23)
- Re: SNORT DROPPING PACKETS Chris Green (Dec 23)
- Re: SNORT DROPPING PACKETS Phil Wood (Dec 23)
- Incident Identification Frank Reid (Dec 23)
- Re: Incident Identification Phil Wood (Dec 23)
- same SRC/DST James (Dec 24)
- Re: same SRC/DST Kyle R Maxwell (Dec 25)
- Re: same SRC/DST James (Dec 25)
- Re: same SRC/DST Ashley Thomas (Dec 25)
- Re: Incident Identification (data in TCP syn packet) Matt Kettler (Dec 26)
- Re: Incident Identification (data in TCP syn packet) james (Dec 26)
- I want to dump full packets, but just for one rule james (Dec 26)
- Re: SNORT DROPPING PACKETS Phil Wood (Dec 23)