snort problem
William Aaron Holt
bill.h at angelfire.com
Fri Oct 19 15:24:00 EDT 2001
127.0.0.1 with subnet mask 255.255.255.255
ip address: 01111111.00000000.00000000.00000001 subnet mask: 11111111.11111111.11111111.11111111
If you do a binary AND between these two numbers, you get the network address:
ip address: 01111111.00000000.00000000.00000001 subnet mask: 11111111.11111111.11111111.11111111 -----------------------------------AND network address: 01111111.00000000.00000000.00000001
which translated back to dotted decimal notation is 127.0.0.1
To get the host portion, invert the subnet mask and again perform a binary AND with the ip address:
ip address: 01111111.00000000.00000000.00000001inverted subnet mask: 00000000.00000000.00000000.00000000 -----------------------------------AND host portion: 00000000.00000000.00000000.00000000
which translated back to dotted decimal notation is 0.0.0.0 //...hmm......
To obtain the broadcast address, again it is simplest to look at it in binary. Take the inverted subnet mask and perform a binary XOR with the network address:
network address: 01111111.00000000.00000000.00000001inverted subnet mask: 00000000.00000000.00000000.00000000 -----------------------------------XOR broadcast address: 01111111.00000000.00000000.00000001
which translated back to dotted decimal notation is 127.0.0.1
---
"It takes a big man to cry, but it takes a bigger man to laugh at that man..."-Jack Handy
On Fri, 19 Oct 2001 14:42:55
dlewis wrote:
>Hello all. I have been receiving these inputs in my alert file from snort:
>
>10/18-00:29:27.524950 [**] [1:528:2] BAD TRAFFIC loopback traffic [**]
>[Classification: Potentially Bad Traffic] [Priority: 2] {UDP}
>127.0.0.1:2301 -> 255.255.255.255:2301
>10/18-00:30:27.596189 [**] [1:528:2] BAD TRAFFIC loopback traffic [**]
>[Classification: Potentially Bad Traffic] [Priority: 2] {UDP}
>127.0.0.1:2301 -> 255.255.255.255:2301
>10/18-00:31:27.725125 [**] [1:528:2] BAD TRAFFIC loopback traffic [**]
>[Classification: Potentially Bad Traffic] [Priority: 2] {UDP}
>127.0.0.1:2301 -> 255.255.255.255:2301
>10/18-00:32:27.834094 [**] [1:528:2] BAD TRAFFIC loopback traffic [**]
>[Classification: Potentially Bad Traffic] [Priority: 2] {UDP}
>127.0.0.1:2301 -> 255.255.255.255:2301
>10/18-00:33:27.933912 [**] [1:528:2] BAD TRAFFIC loopback traffic [**]
>[Classification: Potentially Bad Traffic] [Priority: 2] {UDP}
>127.0.0.1:2301 -> 255.255.255.255:2301
>
>
>This comes up a lot... Anyone have any idea as to why I am getting this?
>Thank you.
>
>-
>Subcription/unsubscription/info requests: send e-mail with
>"subscribe", "unsubscribe", or "info" on the first line of the
>message body to discuss-request at blu.org (Subject line is ignored).
>
Get 250 color business cards for FREE!
http://businesscards.lycos.com/vp/fastpath/
-
Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).
More information about the Discuss
mailing list