Netgate Discussion Forum

    Need to verify if I am being spoofed or hacked

    Coyote1Abe

      Need help understanding what is happening after the Snort notification shows the alert. It seems that at 7:50:30am some IP sends some files and then Snort starts notifying of a possible spoof. Can someone help me understand what is happening? I greatly appreciate any help; I have drilled Google without luck on understanding what is happening.

      May 11 07:50:30 snort 46192 spo_pf -> Firewall interface IP address change notification monitoring thread started.
      May 11 07:50:30 snort 46192 spo_pf -> adding firewall interface lo0 IPv4 address 10.10.10.1 to automatic interface IP Pass List.
      May 11 07:50:30 snort 46192 spo_pf -> adding firewall interface lo0 IPv4 address 127.0.0.1 to automatic interface IP Pass List.
      May 11 07:50:30 snort 46192 spo_pf -> adding firewall interface lo0 IPv6 address fe80::1 to automatic interface IP Pass List.
      May 11 07:50:30 snort 46192 spo_pf -> adding firewall interface lo0 IPv6 address ::1 to automatic interface IP Pass List.
      May 11 07:50:30 snort 46192 spo_pf -> adding firewall interface igb3 IPv4 address 192.168.30.1 to automatic interface IP Pass List.
      May 11 07:50:30 snort 46192 spo_pf -> adding firewall interface igb3 IPv6 address fe80::2e0:67ff:fe21:5ff3 to automatic interface IP Pass List.
      May 11 07:50:30 snort 46192 spo_pf -> adding firewall interface igb2 IPv4 address 192.168.20.1 to automatic interface IP Pass List.
      May 11 07:50:30 snort 46192 spo_pf -> adding firewall interface igb2 IPv6 address fe80::2e0:67ff:fe21:5ff2 to automatic interface IP Pass List.
      May 11 07:50:30 snort 46192 spo_pf -> adding firewall interface igb1 IPv4 address 10.0.0.75 to automatic interface IP Pass List.
      May 11 07:50:30 snort 46192 spo_pf -> adding firewall interface igb1 IPv6 address fe80::2e0:67ff:fe21:5ff1 to automatic interface IP Pass List.
      May 11 07:50:30 snort 46192 spo_pf -> adding firewall interface igb0 IPv4 address 10.0.0.74 to automatic interface IP Pass List.
      May 11 07:50:30 snort 46192 spo_pf -> adding firewall interface igb0 IPv6 address fe80::2e0:67ff:fe21:5ff0 to automatic interface IP Pass List.
      May 11 07:50:30 snort 46192 [1:26989:7] FILE-OTHER Multiple products ZIP archive virus detection bypass attempt [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 34.104.35.123:80 -> 192.168.30.110:40370

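Added example, not part of the original post and not Netgate or Snort code: a small Python triage of the log format quoted above. It separates the spo_pf pass-list start-up messages from the rule alert and splits the alert into GID:SID:rev, classification, priority and endpoints. The function names and the `inbound` flag are assumptions of this example; the sample lines are copied from the post.

```python
import ipaddress
import re

# Four of the lines from the post above, embedded so the block runs offline.
SAMPLE = [
    "May 11 07:50:30 snort 46192 spo_pf -> Firewall interface IP address change notification monitoring thread started.",
    "May 11 07:50:30 snort 46192 spo_pf -> adding firewall interface igb3 IPv4 address 192.168.30.1 to automatic interface IP Pass List.",
    "May 11 07:50:30 snort 46192 spo_pf -> adding firewall interface igb3 IPv6 address fe80::2e0:67ff:fe21:5ff3 to automatic interface IP Pass List.",
    "May 11 07:50:30 snort 46192 [1:26989:7] FILE-OTHER Multiple products ZIP archive virus detection bypass attempt [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 34.104.35.123:80 -> 192.168.30.110:40370",
]

PREFIX = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) snort (?P<pid>\d+) (?P<body>.*)$")
PASSLIST = re.compile(r"^spo_pf -> adding firewall interface (?P<ifname>\S+) "
                      r"IPv[46] address (?P<addr>\S+) to automatic interface IP Pass List\.$")
ALERT = re.compile(r"^\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) "
                   r"\[Classification: (?P<cls>[^\]]+)\] \[Priority: (?P<prio>\d+)\] "
                   r"\{(?P<proto>\w+)\} (?P<src>\S+) -> (?P<dst>\S+)$")

def endpoint(text, proto):
    """Split 'addr:port' for TCP/UDP; other protocols are logged without a port."""
    if proto not in ("TCP", "UDP"):
        return text, None
    addr, _, port = text.rpartition(":")  # rpartition keeps IPv6 colons in addr
    return addr, int(port)

def triage(lines):
    """Separate spo_pf pass-list start-up messages from rule alerts."""
    passlist, alerts, other = {}, [], []
    for line in lines:
        m = PREFIX.match(line.strip())
        if not m:
            continue
        body = m["body"]
        if p := PASSLIST.match(body):
            passlist[p["addr"]] = p["ifname"]
        elif a := ALERT.match(body):
            rec = dict(a.groupdict(), ts=m["ts"])
            rec["src"] = endpoint(rec["src"], rec["proto"])
            rec["dst"] = endpoint(rec["dst"], rec["proto"])
            # "inbound" (this example's term): destination is a private address.
            rec["inbound"] = ipaddress.ip_address(rec["dst"][0]).is_private
            alerts.append(rec)
        else:
            other.append(body)
    return passlist, alerts, other

if __name__ == "__main__":
    for a in triage(SAMPLE)[1]:
        print(a["ts"], f"{a['gid']}:{a['sid']}:{a['rev']}", a["msg"], a["src"], "->", a["dst"])
```

On the lines in the post, only the last entry is a rule alert. The spo_pf entries are Snort's blocking plugin recording the firewall's own interface addresses in its pass list.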
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.