Firewall (smoothwall) reports 'Potentially Bad Traffic' from 127.0.0.1:80...

Having just got my adsl line, with a Smoothwall (linux-firewall) box
feeding a house-side net of 2 or 3 machines, I'm looking nervously at
the intrusion detection log...

It started showing significant activity yesterday - (3 of the early
instance appeared to be from Mr Demon, but there were also a couple of
reports of MS-SQL worms...)
Then towards the end of the day I started getting 'potentially bad
traffic' from 127:0.0.1:80 (!) to my new adsl demon IP at high ports
(eg, this morning it's here again, to port 1286)

In all these instances I've had an NT box or two up as well as my main
linux-box.

Is it possible that these packets are internally generated, so I don't
need to worry,
or has demon-adsl really got spoofed packets from the loopback address
flying round on it (as the ref. to a note on www.sans.org in the
smoothwall log would suggest)???

Bob

--
robert w hall

"robert w hall" <(E-Mail Removed)> wrote in message
news:2LhKvAAtKZY$(E-Mail Removed)...
> Having just got my adsl line, with a Smoothwall (linux-firewall) box
> feeding a house-side net of 2 or 3 machines, I'm looking nervously at
> the intrusion detection log...
>

Probably blaster, many companies set windows update to resolve to
127.0.0.1...

So there has been a lot of traffic flying around to this address.

Incident lists have had a lot of talk about this.

--

-+ Shaolin +-
Discard what is useless, absorb what is not and
add what is uniquely your own.

.: http://www.security-forums.com :.

On Fri, 12 Sep 2003 10:32:29 +0100, robert w hall
<(E-Mail Removed)> wrote:


>Then towards the end of the day I started getting 'potentially bad
>traffic' from 127:0.0.1:80 (!) to my new adsl demon IP at high ports
>(eg, this morning it's here again, to port 1286)
>
>

Its possible snort is getting its drawers in a knot over your transparent
proxy server.


greg

--
$ReplyAddress =~ s#\@.*$##; # Delete everything after the '@'
Who lives in a pineapple under the sea? Absorbent and yellow and pourous is he!
If nautical nonsense be something you wish! Then drop on the deck and flop like a fish!