This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Snort rules 29465/29466 and Google

This morning, I started getting a bunch of email alerts from the UTM, telling me it was dropping packets due to snort rules 29465 and 29466 - "FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt"

The source IP's belong to Google (both ipV4 and IPv6) and the traffic was destined for my iPhone and my wife's Android phone.

Snort themselves have no documentation for these rules, but I did find them mentioned in their changelog where they have changed to be Disabled by default.

That changelog entry was dated almost two weeks ago, which begs the question of how long is the lead time for this sort of change to get included in a Sophos pattern update?

Meanwhile, I'm off to disable those rules manually.

This thread was automatically locked due to age.

0 BarryG over 10 years ago

Yeah, I'm getting a bunch of these too; going to disable the rule when I get around to it.

Some of mine were while installing updates from the Android Play store for Google's apps.

Barry
Cancel
Vote Up 0 Vote Down

Cancel
0 binaryspiral over 10 years ago

I'd like to add this was also blocking a large (5GB) download from the Apple App store on my home network... going to disable it also!

Media was hosted on Akamai's CDN, and IPS was reporting blocking attacks from their IP.

FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt
Cancel
Vote Up 0 Vote Down

Cancel