Re: possible causes of source and destination ip from external network
From: Stephen Samuel (samuel_at_bcgreen.com)
Date: 06/27/04
- Previous message: Martin Roesch: "Snort CVS Moving to cvs.snort.org"
- In reply to: Annie Green: "possible causes of source and destination ip from external network"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 26 Jun 2004 22:29:03 -0700 To: Annie Green <annie_r_green@hotmail.com>
One of the questions I would ask, in terms of determining what's happening
is: "what interface are these packets arriving on? You have a different
set of issues to deal with if it's coming from the inside than you do if
it's cominmg from the outside.
You should be able to determine this if your IDS/firewall logs either of
the actual interface, or the source/destination MAC address of the
packets in question.
Mac addresses require an extra step to help figure out where a packet
is arriving, but they also give you some hope of tracking which station
(or router) the packets came from
Annie Green wrote:
> Hi all
>
> What would be the possible causes of the IDS alert that shows source ip
> and destination ip from external network? Also, why did the router route
> this packet in the first place?
>
> Regards,
> A.
>
-- Stephen Samuel +1(604)876-0426 samuel@bcgreen.com http://www.bcgreen.com/~samuel/ Powerful committed communication. Transformation touching the jewel within each person and bringing it to light. --------------------------------------------------------------------------- ---------------------------------------------------------------------------
- Previous message: Martin Roesch: "Snort CVS Moving to cvs.snort.org"
- In reply to: Annie Green: "possible causes of source and destination ip from external network"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
