[Dshield] Odd traffic at home

Deb Hale haled at pionet.net
Wed Dec 31 14:18:04 GMT 2003


Ron,
I have been seeing this since the middle of November.  Still not able to
figure out what it is. I have talked to my ISP but like everything else -
they don't care!  Let me know if you discover anything definite about what
this traffic is.  Deb


-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On Behalf
Of Ronnie & Stacy Clark
Sent: Tuesday, December 30, 2003 9:52 PM
To: General DShield Discussion List
Subject: [Dshield] Odd traffic at home


Hello all, 

I was checking my firewall logs tonight, and I see and upturn in the amount
of SubSeven probes, the usual Nachia / Welchia pings, and the tons of
NetBios stuff. But what caught my eye was the traffic coming from 127.0.0.1
to my outside interface. Anyone else seeing this kind of traffic? If anyone
wants mre packet information, let me know, I am running Snort and have full
packet captures. 

Thanks,
Ron Clark

12/30-16:33:25.128018 127.0.0.1:80 -> 24.aaa.bbb.ccc:1777
12/30-16:46:08.980772 127.0.0.1:80 -> 24.aaa.bbb.ccc:1920
12/30-16:57:11.461502 127.0.0.1:80 -> 24.aaa.bbb.ccc:1306
12/30-16:59:32.541353 127.0.0.1:80 -> 24.aaa.bbb.ccc:1859
12/30-16:59:49.456395 127.0.0.1:80 -> 24.aaa.bbb.ccc:1355
12/30-17:04:00.786504 127.0.0.1:80 -> 24.aaa.bbb.ccc:1677
12/30-17:10:21.946413 127.0.0.1:80 -> 24.aaa.bbb.ccc:1192
12/30-17:10:38.554322 127.0.0.1:80 -> 24.aaa.bbb.ccc:1456
12/30-17:31:30.131265 127.0.0.1:80 -> 24.aaa.bbb.ccc:1402
12/30-17:42:19.243221 127.0.0.1:80 -> 24.aaa.bbb.ccc:1503
12/30-17:54:11.406750 127.0.0.1:80 -> 24.aaa.bbb.ccc:1172
12/30-17:58:19.688747 127.0.0.1:80 -> 24.aaa.bbb.ccc:1257
12/30-18:03:28.548280 127.0.0.1:80 -> 24.aaa.bbb.ccc:1345
12/30-18:13:26.400789 127.0.0.1:80 -> 24.aaa.bbb.ccc:1584
12/30-18:28:28.376818 127.0.0.1:80 -> 24.aaa.bbb.ccc:1431
12/30-18:28:45.015779 127.0.0.1:80 -> 24.aaa.bbb.ccc:1927
12/30-18:32:58.678750 127.0.0.1:80 -> 24.aaa.bbb.ccc:1098
12/30-18:57:45.243791 127.0.0.1:80 -> 24.aaa.bbb.ccc:1843
12/30-19:00:25.707160 127.0.0.1:80 -> 24.aaa.bbb.ccc:1974
12/30-19:03:34.057596 127.0.0.1:80 -> 24.aaa.bbb.ccc:1230
12/30-19:10:41.464567 127.0.0.1:80 -> 24.aaa.bbb.ccc:1315
12/30-19:12:51.196552 127.0.0.1:80 -> 24.aaa.bbb.ccc:1403
12/30-19:13:48.060357 127.0.0.1:80 -> 24.aaa.bbb.ccc:1603
12/30-19:24:12.193487 127.0.0.1:80 -> 24.aaa.bbb.ccc:1659
12/30-19:32:24.087751 127.0.0.1:80 -> 24.aaa.bbb.ccc:1916
12/30-19:34:09.426078 127.0.0.1:80 -> 24.aaa.bbb.ccc:1130
12/30-19:43:26.569495 127.0.0.1:80 -> 24.aaa.bbb.ccc:1303
12/30-19:53:42.315899 127.0.0.1:80 -> 24.aaa.bbb.ccc:1644
12/30-20:02:59.459787 127.0.0.1:80 -> 24.aaa.bbb.ccc:1817
12/30-20:12:56.700704 127.0.0.1:80 -> 24.aaa.bbb.ccc:1056
12/30-20:44:07.675148 127.0.0.1:80 -> 24.aaa.bbb.ccc:1603
12/30-21:16:51.433674 127.0.0.1:80 -> 24.aaa.bbb.ccc:1910
12/30-21:20:19.027112 127.0.0.1:80 -> 24.aaa.bbb.ccc:1242
12/30-21:30:16.259600 127.0.0.1:80 -> 24.aaa.bbb.ccc:1481

_______________________________________________
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list






More information about the list mailing list