Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Need to verify if I am being spoofed or hacked

    Firewalling
    1
    1
    126
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      Coyote1Abe last edited by

      Need help understanding what is happening after the snort notification show the alert. It seems that a 7:50:30am some IP sends some files and then the snort starts notifying of a possible spoof, can someone help me understand that is happening. Greatly appreciate any help, I have drilled google without luck on understanding what is happening.

      May 11 07:50:30 snort 46192 spo_pf -> Firewall interface IP address change notification monitoring thread started.
      May 11 07:50:30 snort 46192 spo_pf -> adding firewall interface lo0 IPv4 address 10.10.10.1 to automatic interface IP Pass List.
      May 11 07:50:30 snort 46192 spo_pf -> adding firewall interface lo0 IPv4 address 127.0.0.1 to automatic interface IP Pass List.
      May 11 07:50:30 snort 46192 spo_pf -> adding firewall interface lo0 IPv6 address fe80::1 to automatic interface IP Pass List.
      May 11 07:50:30 snort 46192 spo_pf -> adding firewall interface lo0 IPv6 address ::1 to automatic interface IP Pass List.
      May 11 07:50:30 snort 46192 spo_pf -> adding firewall interface igb3 IPv4 address 192.168.30.1 to automatic interface IP Pass List.
      May 11 07:50:30 snort 46192 spo_pf -> adding firewall interface igb3 IPv6 address fe80::2e0:67ff:fe21:5ff3 to automatic interface IP Pass List.
      May 11 07:50:30 snort 46192 spo_pf -> adding firewall interface igb2 IPv4 address 192.168.20.1 to automatic interface IP Pass List.
      May 11 07:50:30 snort 46192 spo_pf -> adding firewall interface igb2 IPv6 address fe80::2e0:67ff:fe21:5ff2 to automatic interface IP Pass List.
      May 11 07:50:30 snort 46192 spo_pf -> adding firewall interface igb1 IPv4 address 10.0.0.75 to automatic interface IP Pass List.
      May 11 07:50:30 snort 46192 spo_pf -> adding firewall interface igb1 IPv6 address fe80::2e0:67ff:fe21:5ff1 to automatic interface IP Pass List.
      May 11 07:50:30 snort 46192 spo_pf -> adding firewall interface igb0 IPv4 address 10.0.0.74 to automatic interface IP Pass List.
      May 11 07:50:30 snort 46192 spo_pf -> adding firewall interface igb0 IPv6 address fe80::2e0:67ff:fe21:5ff0 to automatic interface IP Pass List.
      May 11 07:50:30 snort 46192 [1:26989:7] FILE-OTHER Multiple products ZIP archive virus detection bypass attempt [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 34.104.35.123:80 -> 192.168.30.110:40370

      1 Reply Last reply Reply Quote 0
      • First post
        Last post

      Products

      • Platform Overview
      • TNSR
      • pfSense
      • Appliances

      Services

      • Training
      • Professional Services

      Support

      • Subscription Plans
      • Contact Support
      • Product Lifecycle
      • Documentation

      News

      • Media Coverage
      • Press
      • Events

      Resources

      • Blog
      • FAQ
      • Find a Partner
      • Resource Library
      • Security Information

      Company

      • About Us
      • Careers
      • Partners
      • Contact Us
      • Legal
      Our Mission

      We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

      Subscribe to our Newsletter

      Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

      © 2021 Rubicon Communications, LLC | Privacy Policy