Re: possible causes of source and destination ip from external network

• Previous message: Koç.net: "RE: ssh and ids"
• In reply to: Annie Green: "possible causes of source and destination ip from external network"
• Next in thread: Adam Powers: "Re: possible causes of source and destination ip from external network"
• Reply: Adam Powers: "Re: possible causes of source and destination ip from external network"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 21 Jun 2004 21:46:02 -0400 (EDT)
To: Annie Green <annie_r_green@hotmail.com>

On Sat, 19 Jun 2004, Annie Green wrote:

> What would be the possible causes of the IDS alert that shows source ip
> and destination ip from external network? Also, why did the router route
> this packet in the first place?

- misconfiguration of the router or the sensor
- you are providing transit you didn't know you were over hard, routed
  links
- you have rogue network access points (ie APs) you didn't expect
- spoofed addresses in the traffic

an incomplete list, but you get the idea.

________
jose nazario, ph.d. jose@monkey.org
http://monkey.org/~jose/ http://infosecdaily.net/

---------------------------------------------------------------------------

---------------------------------------------------------------------------

• Previous message: Koç.net: "RE: ssh and ids"
• In reply to: Annie Green: "possible causes of source and destination ip from external network"
• Next in thread: Adam Powers: "Re: possible causes of source and destination ip from external network"
• Reply: Adam Powers: "Re: possible causes of source and destination ip from external network"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]