[Dshield] Odd traffic at home

Johannes B. Ullrich jullrich at sans.org
Wed Dec 31 14:28:42 GMT 2003


sorry I missed this post until now. Does your ISP resolve
'windowsupdate.com' to 127.0.0.1? Your answer may be here:


http://isc.sans.org/diary.html?date=2003-12-17


> I was checking my firewall logs tonight, and I see and upturn in the amount
> of SubSeven probes, the usual Nachia / Welchia pings, and the tons of
> NetBios stuff. But what caught my eye was the traffic coming from 127.0.0.1
> to my outside interface. Anyone else seeing this kind of traffic? If anyone
> wants mre packet information, let me know, I am running Snort and have full
> packet captures. 

-- 
CTO SANS Internet Storm Center               http://isc.sans.org
phone: (617) 837 2807            
  fax: (617) 786 1550                          jullrich at sans.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20031231/bcd73bda/attachment.bin


More information about the list mailing list