Re: possible causes of source and destination ip from external network

From: Adam Powers (apowers_at_lancope.com)
Date: 06/22/04

    Date: Tue, 22 Jun 2004 15:41:35 -0400
    To: Jose Nazario <jose@monkey.org>, Annie Green <annie_r_green@hotmail.com>
    
    

    What were the source and destination addresses? In addition to the list
    below, I would definitely add DHCP failure (169. addresses).

    On 6/21/04 9:46 PM, "Jose Nazario" <jose@monkey.org> wrote:

    > On Sat, 19 Jun 2004, Annie Green wrote:
    >
    >> What would be the possible causes of the IDS alert that shows source ip
    >> and destination ip from external network? Also, why did the router route
    >> this packet in the first place?
    >
    > - misconfiguration of the router or the sensor
    > - you are providing transit you didn't know you were over hard, routed
    > links
    > - you have rogue network access points (ie APs) you didn't expect
    > - spoofed addresses in the traffic
    >
    > an incomplete list, but you get the idea.
    >
    > ________
    > jose nazario, ph.d. jose@monkey.org
    > http://monkey.org/~jose/ http://infosecdaily.net/
    >

    -- 
    Adam Powers
    Senior Security Engineer
    Advanced Technology Group
    c. 678.725.1028
    o. 770.225.6521
    f. 770.225.6501
    e. apowers@lancope.com
    AOL IM: adampowers22
    StealthWatch by Lancope - Security through network intelligence
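
An added example, not code from either poster, that sorts alerts whose source and destination both fall outside the sensor's home network into the causes named in this thread. The HOME_NET ranges, function names and sample alerts are assumptions constructed for illustration.

```python
import ipaddress

# Assumed sensor configuration (constructed): networks the IDS treats as internal.
HOME_NET = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "10.10.0.0/16")]
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")  # self-assigned after DHCP failure
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def kind(addr):
    """Label one address relative to the sensor's view of the network."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in HOME_NET):
        return "home"
    if ip in LINK_LOCAL:
        return "link-local"
    if any(ip in net for net in RFC1918):
        return "private-unknown"
    return "public"


def triage(src, dst):
    """Return a cause hint for an alert, or None when either end is in HOME_NET."""
    kinds = {kind(src), kind(dst)}
    if "home" in kinds:
        return None  # normal case: at least one end is ours
    if "link-local" in kinds:
        return "DHCP failure: host self-assigned a 169.254 address"
    if "private-unknown" in kinds:
        return "unlisted internal subnet: sensor HOME_NET gap or rogue access point"
    return "public to public: unexpected transit, or spoofed addresses"


# Constructed sample alerts as (source, destination) pairs.
ALERTS = [
    ("192.0.2.15", "198.51.100.7"),
    ("169.254.12.9", "198.51.100.7"),
    ("192.168.77.4", "203.0.113.50"),
    ("198.51.100.7", "203.0.113.50"),
]

if __name__ == "__main__":
    for src, dst in ALERTS:
        print(src, "->", dst, ":", triage(src, dst) or "expected")
```
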
