There are a lot of ISPs (including Sprint) that do not filter the non-routable
addresses at every router. In some cases, these addresses can carry on a full
session. The default condition for most routers is to allow the routing.
In your case, you might try tracerouting to it (assuming you are not using
those same addresses).

> Snort LAN sensor
> Here is the line from acid :
> Source
> destination
> DOS MSDTC attempt 207.35.159.36:80 10.0.0.249:3372
> TCP
>
>
> How is this possible? 10.0.0.249 is a proxy machine taht doesn't have public
> ip. How somebody can connect to non-routable ip from the outside world?
> Or should I interpret this line as something else?

_______________________________________________________________

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm

_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]