linux
Rail Khamdeev, 2014-10-23 10:36:35

What is snort complaining about?

Good day everyone!
I installed Snort on the server a few days ago. Since I have practically no experience with it, I left the default configs. The following entries then started appearing in the alert log:


[**] [1:527:8] BAD-TRAFFIC same SRC/DST [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
10/23-05:04:22.637386 0.0.0.0 -> 224.0.0.1
IGMP TTL:1 TOS:0xC0 ID:0 IpLen:24 DgmLen:32 DF
IP Options (1) => RTRALT
[Xref => http://www.cert.org/advisories/CA-1997-28.html] [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=1999... => http://www.securityfocus.com/bid/2666]

Is it worth responding to them?
PS
Also, the Snort configs contain a lot of settings for monitoring the ports of services I don't have (ORACLE, for example). Can this be turned off completely, and would that make any sense in terms of saving resources?

2 answer(s)
3vi1_0n3, 2014-10-23

It says that suspicious traffic has been noticed: packets in which the source and destination match, and such traffic could potentially be a DoS attempt.
This does not mean that you have any problems.
It also provides links to further information, which says the following:

II. Impact
Topic 1 - Teardrop
Any remote user can crash a vulnerable machine.
Topic 2 - Land
Any remote user that can send spoofed packets to a host can crash or "hang" that host.

That is, the following problems could potentially arise: a remote user can crash the machine, and any remote user can "hang" the host that receives such packets.
There we also see the following:
Red Hat Software
Topic 1 - Teardrop
Linux is not vulnerable.
Topic 2 - Land
Linux is not vulnerable.

If you have Linux, then there will most likely be no problems.

Evgeny Ferapontov, 2014-10-23

Address    Value
224.0.0.1  All nodes on this segment

This looks like an IGMP general query. habrahabr.ru/post/217585 is a good article on multicast.
I can't say anything about Snort, because I first heard of it from your post.
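Putting both answers together: the alert is from sid 527 (the "same SRC/DST" rule written for LAND-style packets), but the packet itself is an IGMP query to the all-hosts group 224.0.0.1 with TTL 1 and the Router Alert option, which is exactly what a normal IGMP general query on the segment looks like. The script below is an added example, not part of the question or either answer and not Snort's own code. It parses entries in Snort's "full" alert-log format, applies a small triage rule (does source really equal destination, or does the packet match the IGMP general-query pattern?), and emits the Snort 2.x threshold.conf `suppress` line that would silence that sid for that source only. The first sample entry copies the alert from the question; the second is a constructed LAND-style entry using documentation addresses (192.0.2.0/24), invented here so the contrast is visible. The triage categories and their names are my own assumptions, not Snort terminology.

```python
"""Triage helper for Snort 'full' alert-log entries (added example, not Snort code)."""
import re
from dataclasses import dataclass, field
from ipaddress import IPv4Address

# Constructed sample: the entry from the question, in Snort's full alert format.
QUESTION_ALERT = """\
[**] [1:527:8] BAD-TRAFFIC same SRC/DST [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
10/23-05:04:22.637386 0.0.0.0 -> 224.0.0.1
IGMP TTL:1 TOS:0xC0 ID:0 IpLen:24 DgmLen:32 DF
IP Options (1) => RTRALT
"""

# Constructed sample: what a genuine LAND-style packet (the case sid 527 was written for)
# would look like in the same format. Addresses are from the documentation range.
LAND_ALERT = """\
[**] [1:527:8] BAD-TRAFFIC same SRC/DST [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
10/23-05:10:01.000000 192.0.2.10:139 -> 192.0.2.10:139
TCP TTL:64 TOS:0x0 ID:1 IpLen:20 DgmLen:40
"""

HEADER_RE = re.compile(
    r"\[\*\*\] \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) \[\*\*\]")
# IPv4 only. TCP/UDP packet lines carry ":port"; IGMP/ICMP lines do not.
PACKET_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+) "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<sport>\d+))? -> "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<dport>\d+))?$",
    re.MULTILINE)
PROTO_RE = re.compile(r"^(?P<proto>[A-Z]+) TTL:(?P<ttl>\d+) ", re.MULTILINE)
OPTS_RE = re.compile(r"^IP Options \(\d+\) => (?P<opts>.+)$", re.MULTILINE)

ALL_HOSTS = IPv4Address("224.0.0.1")  # link-local all-hosts group, never routed


@dataclass
class Alert:
    gid: int
    sid: int
    rev: int
    msg: str
    src: IPv4Address
    dst: IPv4Address
    proto: str
    ttl: int
    ip_options: list = field(default_factory=list)


def parse_alert(text: str) -> Alert:
    """Parse one full-format alert entry; raise ValueError if the shape is not recognised."""
    h, p, pr = HEADER_RE.search(text), PACKET_RE.search(text), PROTO_RE.search(text)
    if not (h and p and pr):
        raise ValueError("not a recognised Snort full-format alert")
    o = OPTS_RE.search(text)
    return Alert(gid=int(h["gid"]), sid=int(h["sid"]), rev=int(h["rev"]), msg=h["msg"],
                 src=IPv4Address(p["src"]), dst=IPv4Address(p["dst"]),
                 proto=pr["proto"], ttl=int(pr["ttl"]),
                 ip_options=o["opts"].split() if o else [])


def parse_log(text: str) -> list:
    """Split a full alert log on blank lines and parse every entry."""
    return [parse_alert(chunk) for chunk in text.strip().split("\n\n") if chunk.strip()]


def classify(a: Alert) -> str:
    """Triage verdict (category names are this example's own convention):
    'same-src-dst'       source equals destination, the LAND pattern the rule targets
    'igmp-general-query' IGMP to 224.0.0.1, TTL 1, Router Alert present: a normal general query
    'other'              neither; look at the packet
    """
    if a.src == a.dst:
        return "same-src-dst"
    if a.proto == "IGMP" and a.dst == ALL_HOSTS and a.ttl == 1 and "RTRALT" in a.ip_options:
        return "igmp-general-query"
    return "other"


def suppress_line(a: Alert) -> str:
    """Snort 2.x threshold.conf entry silencing this sid for this source address only."""
    return f"suppress gen_id {a.gid}, sig_id {a.sid}, track by_src, ip {a.src}"


if __name__ == "__main__":
    for alert in parse_log(QUESTION_ALERT + "\n" + LAND_ALERT):
        verdict = classify(alert)
        print(f"{alert.proto} {alert.src} -> {alert.dst}: {verdict}")
        if verdict == "igmp-general-query":
            print("  threshold.conf:", suppress_line(alert))
```

Run as-is it labels the question's entry as an IGMP general query and the constructed TCP entry as a real source-equals-destination hit. Suppressing by source keeps sid 527 active for everything else, which is safer than deleting the rule. For the PS in the question: rule files are loaded by the `include $RULE_PATH/...rules` lines in snort.conf, so commenting out the ones for services you do not run (oracle.rules, for example) stops those rules from being loaded and evaluated at all.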
