Thread Info
  • State Not Answered
  • Replies 2 replies
  • Subscribers 0 subscribers
  • Views 566 views
  • Users 0 members are here
Options
Suggested

[7.851][DUPE][RESOLVED] ips same ip

utm_kid
Hello Friends !

i am facing old problem of same ip detect when i am using my public ip with my wan iterface (ethernet bridge --not astaro's bridge, my adsl router is in bridge mode)


2010:01:01-09:48:29 acenn snort[5432]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="LAND Attack, sameip detected" group="242" srcip="0000:0000:0000:0000:0000:0000:0000:0000" dstip="ff02:0000:0000:0000:0000:0000:0000:0016" proto="58" srcport="0" dstport="0" sid="200012" class="" priority="0" generator="1" msgid="0"
2010:01:01-09:48:30 acenn snort[5432]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="LAND Attack, sameip detected" group="242" srcip="0000:0000:0000:0000:0000:0000:0000:0000" dstip="ff02:0000:0000:0000:0000:0001:ff9b:a579" proto="58" srcport="0" dstport="0" sid="200012" class="" priority="0" generator="1" msgid="0"
2010:01:01-09:49:14 acenn snort[5432]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="LAND Attack, sameip detected" group="242" srcip="192.168.2.150" dstip="192.168.2.150" proto="6" srcport="1580" dstport="25" sid="200012" class="" priority="0" generator="1" msgid="0"
2010:01:01-09:49:17 acenn snort[5432]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="LAND Attack, sameip detected" group="242" srcip="192.168.2.150" dstip="192.168.2.150" proto="6" srcport="1580" dstport="25" sid="200012" class="" priority="0" generator="1" msgid="0"
2010:01:01-09:49:23 acenn snort[5432]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="LAND Attack, sameip detected" group="242" srcip="192.168.2.150" dstip="192.168.2.150" proto="6" srcport="1580" dstport="25" sid="200012" class="" priority="0" generator="1" msgid="0" 

i have added that rules in modified rule to disable rule 

but here its showing my laptop's ip as it was showing my public ip last time 

and its showing 0000-0000-0000-0000-0000-0000 as a ip6 ?

which other log is require to further diagnose 

https://community.sophos.com/products/unified-threat-management/astaroorg/f/98/t/68378


thanks
Parents Reply Children
No Data
Cookie Information Banner