[Dshield] Odd traffic at home

Ronnie & Stacy Clark rsclark at kingwoodcable.net
Wed Dec 31 03:52:29 GMT 2003


Hello all, 

I was checking my firewall logs tonight, and I see and upturn in the amount
of SubSeven probes, the usual Nachia / Welchia pings, and the tons of
NetBios stuff. But what caught my eye was the traffic coming from 127.0.0.1
to my outside interface. Anyone else seeing this kind of traffic? If anyone
wants mre packet information, let me know, I am running Snort and have full
packet captures. 

Thanks,
Ron Clark

12/30-16:33:25.128018 127.0.0.1:80 -> 24.aaa.bbb.ccc:1777
12/30-16:46:08.980772 127.0.0.1:80 -> 24.aaa.bbb.ccc:1920
12/30-16:57:11.461502 127.0.0.1:80 -> 24.aaa.bbb.ccc:1306
12/30-16:59:32.541353 127.0.0.1:80 -> 24.aaa.bbb.ccc:1859
12/30-16:59:49.456395 127.0.0.1:80 -> 24.aaa.bbb.ccc:1355
12/30-17:04:00.786504 127.0.0.1:80 -> 24.aaa.bbb.ccc:1677
12/30-17:10:21.946413 127.0.0.1:80 -> 24.aaa.bbb.ccc:1192
12/30-17:10:38.554322 127.0.0.1:80 -> 24.aaa.bbb.ccc:1456
12/30-17:31:30.131265 127.0.0.1:80 -> 24.aaa.bbb.ccc:1402
12/30-17:42:19.243221 127.0.0.1:80 -> 24.aaa.bbb.ccc:1503
12/30-17:54:11.406750 127.0.0.1:80 -> 24.aaa.bbb.ccc:1172
12/30-17:58:19.688747 127.0.0.1:80 -> 24.aaa.bbb.ccc:1257
12/30-18:03:28.548280 127.0.0.1:80 -> 24.aaa.bbb.ccc:1345
12/30-18:13:26.400789 127.0.0.1:80 -> 24.aaa.bbb.ccc:1584
12/30-18:28:28.376818 127.0.0.1:80 -> 24.aaa.bbb.ccc:1431
12/30-18:28:45.015779 127.0.0.1:80 -> 24.aaa.bbb.ccc:1927
12/30-18:32:58.678750 127.0.0.1:80 -> 24.aaa.bbb.ccc:1098
12/30-18:57:45.243791 127.0.0.1:80 -> 24.aaa.bbb.ccc:1843
12/30-19:00:25.707160 127.0.0.1:80 -> 24.aaa.bbb.ccc:1974
12/30-19:03:34.057596 127.0.0.1:80 -> 24.aaa.bbb.ccc:1230
12/30-19:10:41.464567 127.0.0.1:80 -> 24.aaa.bbb.ccc:1315
12/30-19:12:51.196552 127.0.0.1:80 -> 24.aaa.bbb.ccc:1403
12/30-19:13:48.060357 127.0.0.1:80 -> 24.aaa.bbb.ccc:1603
12/30-19:24:12.193487 127.0.0.1:80 -> 24.aaa.bbb.ccc:1659
12/30-19:32:24.087751 127.0.0.1:80 -> 24.aaa.bbb.ccc:1916
12/30-19:34:09.426078 127.0.0.1:80 -> 24.aaa.bbb.ccc:1130
12/30-19:43:26.569495 127.0.0.1:80 -> 24.aaa.bbb.ccc:1303
12/30-19:53:42.315899 127.0.0.1:80 -> 24.aaa.bbb.ccc:1644
12/30-20:02:59.459787 127.0.0.1:80 -> 24.aaa.bbb.ccc:1817
12/30-20:12:56.700704 127.0.0.1:80 -> 24.aaa.bbb.ccc:1056
12/30-20:44:07.675148 127.0.0.1:80 -> 24.aaa.bbb.ccc:1603
12/30-21:16:51.433674 127.0.0.1:80 -> 24.aaa.bbb.ccc:1910
12/30-21:20:19.027112 127.0.0.1:80 -> 24.aaa.bbb.ccc:1242
12/30-21:30:16.259600 127.0.0.1:80 -> 24.aaa.bbb.ccc:1481




More information about the list mailing list