Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

IP 127.0.0.1

from [Javier Otero De Alba] Network Security [Permanent Link]
Subject: IP 127.0.0.1
Date: Mon, 28 Mar 2005 17:40:45 -0600 
I have next problem:

We have found pakages in our net with source address 127.0.0.1 in any part of 
our wan.
We are interested in find the possible cause.
Tha antivirus does not detect any thing, IPS log shows next (in excel format):

Name    Value

Name:   Src127
Direction:      Inbound
Destination Port:       1919
Domain: /My Company
Result Status:  Suspicious
Attack Name:    IP: Packet has Invalid Address Source/Destination Address
Benign Trigger Probability:     Low
comments        
Exploit ID:     1
State:  Unacknowledged
Subcategory:    protocol-violation
Source IP:      127.0.0.1
Detection Mechanism:    protocol-anomaly
Sensor ID:      netsensor1
Alert ID        4.76E+18
Application Protocol:   - - - -
Source Port:    80
Destination IP: 10.1.10.3
Category:       Exploit
Severity:       Imformational
Network Protocol:       tcp
Time:   2005-02-23 18:03:53.000 CST
Interface:      Red_10.1.10.0

Name    Value

Name:   Signature-1109274364921
Direction:      Inbound
Destination Port:       1975
Domain: /My Company
Result Status:  Blocked
Attack Name:    UDS-127.0.0.1
Benign Trigger Probability:     High
comments        
Exploit ID:     1
State:  Unacknowledged
Subcategory:    - - - -
Source IP:      127.0.0.1
Detection Mechanism:    - - - -
Sensor ID:      netsensor1
Alert ID        4.75875E+18
Application Protocol:   - - - -
Source Port:    80
Destination IP: 10.1.3.210
Category:       - - - -
Severity:       High
Network Protocol:       tcp
Time:   2005-02-24 20:29:25.000 CST
Interface:      3A-3B

Name    Value

Name:   Src127
Direction:      Inbound
Destination Port:       1111
Domain: /My Company
Result Status:  Suspicious
Attack Name:    IP: Packet has Invalid Address Source/Destination Address
Benign Trigger Probability:     Low
comments        
Exploit ID:     1
State:  Unacknowledged
Subcategory:    protocol-violation
Source IP:      127.0.0.1
Detection Mechanism:    protocol-anomaly
Sensor ID:      netsensor1
Alert ID        4.75875E+18
Application Protocol:   - - - -
Source Port:    80
Destination IP: 10.1.5.44
Category:       Exploit
Severity:       Imformational
Network Protocol:       tcp
Time:   2005-02-23 18:03:41.000 CST
Interface:      Red_10.1.5.0

Thanks in advance.


Ing. Fco. Javier Otero De Alba
Diplomado en Seguridad Informática ITESM CEM 
JNSA-S, JNSS-S
ITStrap
Product Manager 
Juniper Secure Access SSL
5243-4782 al 84 Ext.300
México, D.F.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: IDS Evaluation, David W. Goodrum
Next by Date:  Re: IDS Evaluation, Raffael Marty
Previous by Thread:  IDS/IPS, Log Management and Compliance, Security Focus
Next by Thread:  RE: IP 127.0.0.1, David Gillett
Indexes:  [Date] [Thread] [Top] [All Lists]