This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

rule 57878 and awsdns

Am I the only one plagued by this. 500 alerts in a couple of hours over a 10 year old vulnerability.

rule now set to drop and notify off. It is not one awsdns server. It looks to be all of them.

Details about the intrusion alert:

Message........: PROTOCOL-DNS Microsoft Threat Management Gateway heap buffer overflow attempt
Details........: https://www.snort.org/search?query=57878
Time...........: 2021-07-17 11:47:19
Packet dropped.: no
Priority.......: high
Classification.: Attempted User Privilege Gain
IP protocol....: 17 (UDP)

Source IP address: 205.251.192.220 (ns-220.awsdns-27.com)

This thread was automatically locked due to age.

Parents

Robert Williams over 2 years ago

Has anyone come up with a solution or has it been identified as a false positive?
Cancel
Vote Up 0 Vote Down

Cancel
starfish4711 over 2 years ago in reply to Robert Williams

Seeing this here also, DNS request in question are for "www.limango.de" and "rpe.dymatrix.cloud". I also guess that these are false alarms, but would like to see a confirmation and of course a bugfix so that these false alarms stop.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

starfish4711 over 2 years ago in reply to Robert Williams

Seeing this here also, DNS request in question are for "www.limango.de" and "rpe.dymatrix.cloud". I also guess that these are false alarms, but would like to see a confirmation and of course a bugfix so that these false alarms stop.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data