Re: Bad Loop Back Traffic

["Scott Elgram" <SElgram () verifpoint com>]

Hummm, interesting,
    I have my SNORT installed on RH9 with 2 interfaces.  The interface with
the sensor is connected to a hub between my router and firewall.  The
interface has no IP address and catches only out-bound and in-bound traffic
from the internet.  For a while I was under the impression that this "Bad
Loop Back Traffic" was the result of having an interface up with no IP or
configuration.  Could this be the reason you think?
-Scott Elgram

----- Original Message ----- 
From: <bclark () bwkip com>
To: <snort-users () lists sourceforge net>
Cc: <SElgram () verifpoint com>
Sent: Tuesday, February 24, 2004 9:01 AM
Subject: Re: [Snort-users] Bad Loop Back Traffic


> I have also seen this type of traffic about 200,000 alerts last night.  I
> am not sure but I think it is a clients Windows machine.
>
> > Hello,
> >     I have an abundance of alerts telling me
> > url[snort] BAD-TRAFFIC loopback traffic on 127.0.0.1:80
> > According to snort this is due to improperly configured interfaces.  =
> > Which part is improperly configured and how can I fix this? Or have I =
> > been hacked?
> >
> > -Scott Elgram
> > IT/Systems Support
> > VerifPoint/CreDENTALs
> > (949)770-5290 ext. 26




-------------------------------------------------------
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users