LinuxQuestions.org


rightnow45 11-21-2023 04:49 PM

Snort loopback interface results, can anyone tell me or explain it better, I know it looks suspicious and I am hacked
 
Here is what I get on snort on the loopback interface scanned.

This is my snort terminal results

168.8.108
11/21-16:31:23.227880 [**] [1:527:8] BAD-TRAFFIC same SRC/DST [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP} 192.168.8.108 -> 192.168.8.108
11/21-16:31:23.227893 [**] [1:527:8] BAD-TRAFFIC same SRC/DST [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP} 192.168.8.108 -> 192.168.8.108
11/21-16:31:23.227907 [**] [1:527:8] BAD-TRAFFIC same SRC/DST [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP} 192.168.8.108 -> 192.168.8.108
11/21-16:31:23.227921 [**] [1:527:8] BAD-TRAFFIC same SRC/DST [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP} 192.168.8.108 -> 192.168.8.108
11/21-16:31:23.227935 [**] [1:527:8] BAD-TRAFFIC same SRC/DST [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP} 192.168.8.108 -> 192.168.8.108
11/21-16:31:23.227948 [**] [1:527:8] BAD-TRAFFIC same SRC/DST [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP} 192.168.8.108 -> 192.168.8.108
11/21-16:31:23.227961 [**] [1:527:8] BAD-TRAFFIC same SRC/DST [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP} 192.168.8.108 -> 192.168.8.108
11/21-16:31:23.228046 [**] [1:527:8] BAD-TRAFFIC same SRC/DST [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP} 192.168.8.108 -> 192.168.8.108
11/21-16:31:23.228062 [**] [1:527:8] BAD-TRAFFIC same SRC/DST [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP} 192.168.8.108 -> 192.168.8.108
11/21-16:31:23.228075 [**] [1:527:8] BAD-TRAFFIC same SRC/DST [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP} 192.168.8.108 -> 192.168.8.108
11/21-16:31:23.228089 [**] [1:527:8] BAD-TRAFFIC same SRC/DST [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP} 192.168.8.108 -> 192.168.8.108
11/21-16:31:23.228103 [**] [1:527:8] BAD-TRAFFIC same SRC/DST [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP} 192.168.8.108 -> 192.168.8.108
11/21-16:31:23.228116 [**] [1:527:8] BAD-TRAFFIC same SRC/DST [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP} 192.168.8.108 -> 192.168.8.108
11/21-16:31:23.228129 [**] [1:527:8] BAD-TRAFFIC same SRC/DST [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP} 192.168.8.108 -> 192.168.8.108
11/21-16:31:23.228142 [**] [1:527:8] BAD-TRAFFIC same SRC/DST [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP} 192.168.8.108 -> 192.168.8.108
11/21-16:31:23.228155 [**] [1:527:8] BAD-TRAFFIC same SRC/DST [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP} 192.168.8.108 -> 192.168.8.108
11/21-16:31:23.228169 [**] [1:527:8] BAD-TRAFFIC same SRC/DST [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP} 192.168.8.108 -> 192.168.8.108
11/21-16:31:23.228183 [**] [1:527:8] BAD-TRAFFIC same SRC/DST [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP} 192.168.8.108 -> 192.168.8.108
11/21-16:31:23.228196 [**] [1:527:8] BAD-TRAFFIC same SRC/DST [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP} 192.168.8.108 -> 192.168.8.108
11/21-16:31:28.231686 [**] [1:527:8] BAD-TRAFFIC same SRC/DST [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP} 192.168.8.108 -> 192.168.8.108
11/21-16:31:28.231764 [**] [1:527:8] BAD-TRAFFIC same SRC/DST [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP} 192.168.8.108 -> 192.168.8.108
11/21-16:31:28.231814 [**] [1:527:8] BAD-TRAFFIC same SRC/DST [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP} 192.168.8.108 -> 192.168.8.108
11/21-16:31:28.231864 [**] [1:527:8] BAD-TRAFFIC same SRC/DST [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP} 192.168.8.108 -> 192.168.8.108
11/21-16:31:28.231914 [**] [1:527:8] BAD-TRAFFIC same SRC/DST [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP} 192.168.8.108 -> 192.168.8.108
11/21-16:31:28.231965 [**] [1:527:8] BAD-TRAFFIC same SRC/DST [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP} 192.168.8.108 -> 192.168.8.108
11/21-16:31:28.232014 [**] [1:527:8] BAD-TRAFFIC same SRC/DST [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP} 192.168.8.108 -> 192.168.8.108
11/21-16:31:28.232063 [**] [1:527:8] BAD-TRAFFIC same SRC/DST [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP} 192.168.8.108 -> 192.168.8.108
11/21-16:31:28.232111 [**] [1:527:8] BAD-TRAFFIC same SRC/DST [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP} 192.168.8.108 -> 192.168.8.108
11/21-16:31:28.232159 [**] [1:527:8] BAD-TRAFFIC same SRC/DST [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP} 192.168.8.108 -> 192.168.8.108
11/21-16:31:28.232208 [**] [1:527:8] BAD-TRAFFIC same SRC/DST [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP} 192.168.8.108 -> 192.168.8.108
11/21-16:31:28.232259 [**] [1:527:8] BAD-TRAFFIC same SRC/DST [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP} 192.168.8.108 -> 192.168.8.108
11/21-16:31:28.232582 [**] [1:527:8] BAD-TRAFFIC same SRC/DST [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP} 192.168.8.108 -> 192.168.8.108
11/21-16:31:28.232644 [**] [1:527:8] BAD-TRAFFIC same SRC/DST [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP} 192.168.8.108 -> 192.168.8.108
11/21-16:31:28.232694 [**] [1:527:8] BAD-TRAFFIC same SRC/DST [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP} 192.168.8.108 -> 192.168.8.108
11/21-16:31:28.232742 [**] [1:527:8] BAD-TRAFFIC same SRC/DST [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP} 192.168.8.108 -> 192.168.8.108
11/21-16:31:28.232790 [**] [1:527:8] BAD-TRAFFIC same SRC/DST [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP} 192.168.8.108 -> 192.168.8.108
11/21-16:31:28.232839 [**] [1:527:8] BAD-TRAFFIC same SRC/DST [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP} 192.168.8.108 -> 192.168.8.108
11/21-16:31:28.232888 [**] [1:527:8] BAD-TRAFFIC same SRC/DST [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP} 192.168.8.108 -> 192.168.8.108
11/21-16:31:28.232938 [**] [1:527:8] BAD-TRAFFIC same SRC/DST [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP} 192.168.8.108 -> 192.168.8.108
11/21-16:31:28.232989 [**] [1:527:8] BAD-TRAFFIC same SRC/DST [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP} 192.168.8.108 -> 192.168.8.108
11/21-16:31:28.233040 [**] [1:527:8] BAD-TRAFFIC same SRC/DST [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP} 192.168.8.108 -> 192.168.8.108
11/21-16:31:28.233089 [**] [1:527:8] BAD-TRAFFIC same SRC/DST [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP} 192.168.8.108 -> 192.168.8.108
11/21-16:31:28.233138 [**] [1:527:8] BAD-TRAFFIC same SRC/DST [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP} 192.168.8.108 -> 192.168.8.108
11/21-16:41:32.173490 [**] [1:528:5] BAD-TRAFFIC loopback traffic [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 127.0.0.1:60816 -> 127.0.0.1:39306
11/21-16:41:32.173490 [**] [1:527:8] BAD-TRAFFIC same SRC/DST [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 127.0.0.1:60816 -> 127.0.0.1:39306
11/21-16:59:57.359398 [**] [1:528:5] BAD-TRAFFIC loopback traffic [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 127.0.0.1:39306 -> 127.0.0.1:60816

Any ideas?

Ser Olmy 11-21-2023 06:34 PM

So you're examining traffic on the lo interface, and see local services accessing other local services running on the host. Why would you find that suspicious?

rightnow45 11-21-2023 10:57 PM

Because almost everything looks a bit odd, even though it could be a loopback false positive by Snort,
with traffic looping within my computer, because I have a hacking issue.

rightnow45 11-21-2023 10:59 PM

Most likely it is nothing, just the results are big and Snort is saying bad traffic, even though most of Snort's results
are false positives. I guess it's nothing.

Peter_APIIT 02-08-2024 01:33 AM

These are false positives unless they fall on the WAN interface.
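
An added example, not part of any post in this thread: a small triage script that applies the rule given in the replies (self-addressed traffic captured on lo is expected, the same alerts on another interface deserve a look) to Snort fast-alert lines. The names `classify`, `summarize` and the `capture_iface` argument are assumptions of this example; the alert line does not record the capture interface, so the caller supplies it.

```python
import ipaddress
import re
from collections import Counter

# Snort "fast" alert format, as in the output posted in this thread.
ALERT_RE = re.compile(
    r"^\S+\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\].*?\{(?P<proto>\w+)\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

# Alert lines copied from the first post (not constructed).
SAMPLE = [
    "11/21-16:31:23.227880 [**] [1:527:8] BAD-TRAFFIC same SRC/DST [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP} 192.168.8.108 -> 192.168.8.108",
    "11/21-16:31:23.227893 [**] [1:527:8] BAD-TRAFFIC same SRC/DST [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP} 192.168.8.108 -> 192.168.8.108",
    "11/21-16:41:32.173490 [**] [1:528:5] BAD-TRAFFIC loopback traffic [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 127.0.0.1:60816 -> 127.0.0.1:39306",
    "11/21-16:41:32.173490 [**] [1:527:8] BAD-TRAFFIC same SRC/DST [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 127.0.0.1:60816 -> 127.0.0.1:39306",
    "11/21-16:59:57.359398 [**] [1:528:5] BAD-TRAFFIC loopback traffic [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 127.0.0.1:39306 -> 127.0.0.1:60816",
]

def ip_of(endpoint):
    """Drop an optional :port (IPv4 only, as in the thread's output)."""
    return ipaddress.ip_address(endpoint.split(":")[0])

def classify(line, capture_iface):
    """Return (sid, proto, src, dst, verdict), or None for a non-alert line."""
    m = ALERT_RE.match(line.strip())
    if m is None:
        return None
    src, dst = ip_of(m["src"]), ip_of(m["dst"])
    # Host talking to itself: both ends loopback, or identical addresses.
    host_local = (src.is_loopback and dst.is_loopback) or src == dst
    if not host_local:
        verdict = "other"
    elif capture_iface == "lo":
        verdict = "expected-local"   # normal traffic between local services
    else:
        verdict = "review"           # self-addressed packet seen off the loopback interface
    return int(m["sid"]), m["proto"], str(src), str(dst), verdict

def summarize(lines, capture_iface):
    """Collapse repeated alerts into counts per (sid, proto, src, dst, verdict)."""
    hits = (classify(line, capture_iface) for line in lines)
    return Counter(h for h in hits if h is not None)

if __name__ == "__main__":
    for key, count in summarize(SAMPLE, "lo").items():
        print(count, *key)
```

Collapsing the repeats this way turns the long alert listing into three distinct flows, all between the host and itself.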

