Snort mailing list archives
cve cve[snort] MISC UPnP malformed advertisement ?!?!?!
From: Andre Cameron <andrec () cydock com>
Date: Sat, 05 Jul 2003 14:32:47 -0400
Hi,My router is at 192.168.1.1 it is a Linksys and my server is at 192.168.1.111 and for some reason I keep getting these alerts (100's of em!)
#0-(1-2110) <http://cydock.gotdns.com:8090/acid/acid_qry_alert.php?submit=%230-%281-2110%29&sort_order=> cve bugtraq bugtraq cve[snort <http://www.snort.org/snort-db/sid.html?sid=1807>] WEB-MISC Transfer-Encoding: chunked 2003-07-05 18:33:15 192.168.1.111 <http://cydock.gotdns.com:8090/acid/acid_stat_ipaddr.php?ip=192.168.1.111&netmask=32>:8090 192.168.1.1 <http://cydock.gotdns.com:8090/acid/acid_stat_ipaddr.php?ip=192.168.1.1&netmask32>:39274 TCP #1-(1-2108) <http://cydock.gotdns.com:8090/acid/acid_qry_alert.php?submit=%231-%281-2108%29&sort_order=> cve cve[snort <http://www.snort.org/snort-db/sid.html?sid=1384>] MISC UPnP malformed advertisement 2003-07-05 18:32:57 192.168.1.1 <http://cydock.gotdns.com:8090/acid/acid_stat_ipaddr.php?ip=192.168.1.1&netmask=32>:1901 239.255.255.250 <http://cydock.gotdns.com:8090/acid/acid_stat_ipaddr.php?ip=239.255.255.250&netmask32>:1900 UDP
Any one have any clue whats making all these fals positives and get snort to stop? Is there an ignore file some where to put IP's to ignore?
aNc ------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100006ave/direct;at.asp_061203_01/01 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- cve cve[snort] MISC UPnP malformed advertisement ?!?!?! Andre Cameron (Jul 05)
- Re: cve cve[snort] MISC UPnP malformed advertisement ?!?!?! Erek Adams (Jul 05)