Re: ipcop and loopback
Date: Thu, 09 Oct 2003 15:27:59 -0700
> ipcop intrusion detection system returns this advice
> Under normal circumstances traffic to the localhost (127.0.0.0/8) should
> only be seen on the loopback interface (lo0).
> an indicator of unauthorized network use, reconnaisance activity or
> system compromise. These rules may also generate an event due to
> improperly configured network devices
> How to set up an iptable rule to fix it?
You plan to use an iptable rule to fix your network misconfiguration? Read
the message. It says your network is misconfigured. 127.0.0.1 is local. Get
it? Iptable rules is the wrong approach. Fixing that bad entry you put in
/etc/hosts would be a better approach.
- Re: ipcop and loopback
... >> ipcop intrusion detection system returns this advice ... >> improperly configured network devices ... > You plan to use an iptable rule to fix your network misconfiguration? ...
- Re: Statistical Anomaly Analysis? (was: a bunch of things)
... > intrusion on your network environment. ... but those aren't the people complaining about too many alerts. ... > the point of an intrusion detection system. ... If you disagree with my suggestion about disabling alerts then how do ...
- Re: security advice
... Install a host based intrusion detection system like Tripwire or AIDE ... Install a network based intrusion detection system like Snort ... Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ ...
- Networking IDS Correlation Question
... correlates Intrusion Detection System (IDS) data from network and host based ... both internal and external to the network. ...
- ipcop and loopback
... ipcop intrusion detection system returns this advice ... an indicator of unauthorized network use, ... improperly configured network devices ... How to set up an iptable rule to fix it? ...