Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: All alerts have src/dest as 0.0.0.0

From: twig les <twigles () yahoo com>
Date: Sat, 30 Nov 2002 11:30:36 -0800 (PST)
This probably isn't what is going on with you, but I
got FLOODED with the 0.0.0.0:0->0.0.0.0:0 alerts a
while back and after firing up tcpdump -X src 0.0.0.0
it told me in no uncertain terms that we were getting
malformed packets from our firewall (I had to follow
the MAC addresses, not fun).  When I looked thru the
logs, it turned out that our firewall vendor had
upgraded their OS (or whatever they call that thing)
right when the alerts started.


--- Jason Algol <slashdotcommacolon () hotmail com>
wrote:

hello, ive upgraded to snort 1.9.0 and now i cant
stop snort from setting 
the src/dst in all alerts to 0.0.0.0, making them
pretty useless.

$ snort -V
Initializing Output Plugins!

-*> Snort! <*-
Version 1.9.0 (Build 209)
By Martin Roesch (roesch () sourcefire com,
www.snort.org

examples:

snort: [1:449:4] ICMP Time-To-Live Exceeded in
Transit
[Classification: Misc activity] [Priority: 3]:
{ICMP} 0.0.0.0 -> 0.0.0.0
snort: [1:527:3] BAD TRAFFIC same SRC/DST
[Classificati
on: Potentially Bad Traffic] [Priority: 2]: {TCP}
0.0.0.0:1298 -> 0.0.0.0:80

what could be causing this?

Linux x86



_________________________________________________________________

Protect your PC - get McAfee.com VirusScan Online 


http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963






-------------------------------------------------------

This SF.net email is sponsored by: Get the new Palm
Tungsten T 
handheld. Power & Color in a compact size! 


http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or
unsubscribe:


https://lists.sourceforge.net/lists/listinfo/snort-users

Snort-users list archive:


http://www.geocrawler.com/redir-sf.php3?list=snort-users


=====
-----------------------------------------------------------
If you give a man a fish, he can eat for a day
If you bludgeon him to death, you can eat the fish yourself                       
-----------------------------------------------------------

__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com


-------------------------------------------------------
This SF.net email is sponsored by: Get the new Palm Tungsten T 
handheld. Power & Color in a compact size! 
http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: