[snort] BAD-TRAFFIC loopback traffic 4.9-PRE

Pertti Kosunen pertti.kosunen at kolumbus.fi
Mon Sep 22 03:40:03 PDT 2003


>> What could cause this loopback traffic?
>
> Forged source address on a network with no egress filtering.
>
> Kris

Ok, I put the ipfw on with the default simple mode.
ipfw -a l
00100   0      0 allow ip from any to any via lo0
00200   0      0 deny ip from any to 127.0.0.0/8
00300   0      0 deny ip from 127.0.0.0/8 to any
...

Still get this:
tcpdump: listening on xl0
12:51:15.736517 0:90:1a:40:1f:db 0:50:da:ca:61:e9 0800 60: 127.0.0.1.80 > out.ip.1165: R 0:0(0) ack 1416364033 win 0
12:51:19.092168 0:90:1a:40:1f:db 0:50:da:ca:61:e9 0800 60: 127.0.0.1.80 > out.ip.1284: R 0:0(0) ack 72679425 win 0
12:52:32.717702 0:90:1a:40:1f:db 0:50:da:ca:61:e9 0800 60: 127.0.0.1.80 > out.ip.1667: R 0:0(0) ack 1243086849 win 0

0:90:1a:40:1f:db is the default gateway's (ISP) MAC address; xl0 0:50:da:ca:61:e9
is my outside net card.

Is this normal traffic, and what should I check next?
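
Added example, not part of the original post: a Python check that scans `tcpdump -e` output in the format shown above for IPv4 packets carrying a 127.0.0.0/8 address on a physical interface and counts them per sending MAC. The sample lines, MACs and addresses are constructed, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

# Link-level tcpdump line as in the post:
# time, src MAC, dst MAC, ethertype, length, then "src.port > dst.port: rest"
LINE = re.compile(
    r"^(?P<ts>\S+) (?P<smac>[0-9a-f:]+) (?P<dmac>[0-9a-f:]+) "
    r"(?P<etype>[0-9a-f]{4}) (?P<len>\d+): "
    r"(?P<src>\S+) > (?P<dst>\S+): (?P<rest>.*)$"
)

def is_loopback(endpoint):
    """True if the host part of 'addr.port' is a literal 127.0.0.0/8 address."""
    host = endpoint.rsplit(".", 1)[0]
    try:
        return ipaddress.ip_address(host) in LOOPBACK
    except ValueError:  # resolved name (capture taken without -n): cannot classify
        return False

def find_loopback_on_wire(lines):
    """Return (hits, per_mac): loopback-addressed packets and a count per source MAC."""
    hits, per_mac = [], Counter()
    for line in lines:
        m = LINE.match(line.strip())
        if not m or m["etype"] != "0800":  # IPv4 frames only
            continue
        if is_loopback(m["src"]) or is_loopback(m["dst"]):
            flags = m["rest"].split(" ", 1)[0]
            hits.append({"ts": m["ts"], "smac": m["smac"], "src": m["src"],
                         "dst": m["dst"], "rst": "R" in flags})
            per_mac[m["smac"]] += 1
    return hits, per_mac

# Constructed sample capture (documentation MACs and addresses, not from the post)
SAMPLE = [
    "12:51:15.000001 0:0:5e:0:53:1 0:0:5e:0:53:2 0800 60: 127.0.0.1.80 > 192.0.2.10.1165: R 0:0(0) ack 1001 win 0",
    "12:51:16.000002 0:0:5e:0:53:1 0:0:5e:0:53:2 0800 74: 198.51.100.7.80 > 192.0.2.10.1166: S 1:1(0) ack 2 win 65535",
    "12:51:19.000003 0:0:5e:0:53:1 0:0:5e:0:53:2 0800 60: 127.0.0.1.80 > 192.0.2.10.1284: R 0:0(0) ack 2002 win 0",
    "12:51:20.000004 0:0:5e:0:53:3 0:0:5e:0:53:2 0800 60: gw.example.80 > 192.0.2.10.1300: R 0:0(0) ack 5 win 0",
]

if __name__ == "__main__":
    hits, per_mac = find_loopback_on_wire(SAMPLE)
    for h in hits:
        print(h["ts"], h["smac"], h["src"], ">", h["dst"], "RST" if h["rst"] else "")
    print(dict(per_mac))
```

tcpdump reads from BPF, which sees inbound frames before ipfw evaluates them, so the capture alone does not show whether rule 00300 dropped these packets; the counters in `ipfw -a l` do. Capture with `-n` so that addresses stay numeric and can be classified.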