Re: possible causes of source and destination ip from external network
From: Tony Rall (trall_at_almaden.ibm.com)
Date: 06/22/04
- Previous message: Frank Knobbe: "RE: ssh and ids"
- In reply to: Annie Green: "possible causes of source and destination ip from external network"
- Next in thread: Mike Frantzen: "Re: possible causes of source and destination ip from external network"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: focus-ids@securityfocus.com Date: Mon, 21 Jun 2004 19:47:46 -0700
On Saturday, 2004-06-19 at 22:09 ZE8, "Annie Green"
<annie_r_green@hotmail.com> wrote:
> What would be the possible causes of the IDS alert that shows source ip
and
> destination ip from external network? Also, why did the router route
this
> packet in the first place?
An extremely remote possibility is that source routing was used to direct
external source traffic through your network (but you really shouldn't be
allowing source routed packets into your network). But what is much more
likely is that you have a machine on your net using the wrong IP address.
One example of that is a simple misconfiguration (a machine was used on
some other network and then erroneously connected to your network without
changing its config). And then it could be an infected machine spoofing
the source address.
Tony Rall
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- Previous message: Frank Knobbe: "RE: ssh and ids"
- In reply to: Annie Green: "possible causes of source and destination ip from external network"
- Next in thread: Mike Frantzen: "Re: possible causes of source and destination ip from external network"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
