
Network Attacks

On an XG125w, in Control Center - Network Attacks - Attackers, I am seeing an IP address that, when I look it up on https://www.iplocation.net/, is coming from Microsoft.

Why is this seen as an attack if it is coming from Microsoft?

Kind Regards

Kenneth.



  • Hi,

    I see a number of these every day that are, in theory, attacking my LG TV. They were attacking my MacBook Pros until I disabled the rule. Usually they are image processing warnings, which I believe are out of date and can be disabled. I am not sure why they haven't aged out of the XG IPS database.

    Ian

  • Hello Kenneth,

    It could be a false positive, and we would request that you open a support ticket so we can collect the logs and possible samples from your end. You can raise a support case from here.

    I see a lot of this as well. If you really dig into it, i.e. do TCP dumps on the devices and see what the IP is doing with what ports, then use an application like cports on the device (if you can) to see what process is using it, then use procmon to see what the process is doing, you can better understand what is going on. In essence, play connect the dots with each of the pieces in the puzzle to see the whole picture.

    I think it is also important to point out that many times software developers like Microsoft, Apple and Google try to gain a ton of info for analytics. One time I was working for a school district and we did some Wireshark work on the LAN; between the three OSes the amount of packets going back and forth was astounding.

    There is also the possibility of something you have set up blocking it as well. I know this is not the exact case, but it is a good scenario:

    I set up country blocking, basically blocked multiple countries going to and from. The next day I opened up Word and noticed that the templates were not there; turns out Word was trying to pull the templates from Singapore, country blocking wasn't allowing it, so Word just timed out. My point is that many times we can get false positives because every network is unique and specific configuring is needed; it is the admin's job to determine if the risk outweighs the use.
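The first step of the "connect the dots" procedure in the reply above, a TCP dump showing what the flagged IP is doing and on which ports, is the part that decides whether the IPS hit looks like vendor telemetry or something unsolicited. The script below is an added example, not code from the original thread or from Sophos: it parses `tcpdump -n` style lines, groups them by remote address, records who initiated each connection and to which ports, and checks the remote address against an allowlist of vendor ranges. The capture lines are constructed (documentation addresses 203.0.113.0/24 and 198.51.100.0/24), the local subnet 192.168.1.0/24 is an assumption, and `KNOWN_VENDOR_RANGES` is a placeholder the admin fills from the vendor's published IP ranges; no real Microsoft range is asserted here.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in `tcpdump -n` format (not real traffic): a LAN host opens
# TLS connections to 203.0.113.10, and 198.51.100.7 sends unsolicited SYNs inbound.
SAMPLE_CAPTURE = """\
12:00:01.000001 IP 192.168.1.50.52344 > 203.0.113.10.443: Flags [S], seq 1, win 64240, length 0
12:00:01.000400 IP 203.0.113.10.443 > 192.168.1.50.52344: Flags [S.], seq 2, ack 2, win 65535, length 0
12:00:01.000800 IP 192.168.1.50.52344 > 203.0.113.10.443: Flags [.], ack 1, win 1026, length 0
12:00:02.000001 IP 192.168.1.50.52345 > 203.0.113.10.443: Flags [S], seq 1, win 64240, length 0
12:00:03.000001 IP 198.51.100.7.40000 > 192.168.1.50.445: Flags [S], seq 1, win 1024, length 0
12:00:03.500001 IP 198.51.100.7.40001 > 192.168.1.50.3389: Flags [S], seq 1, win 1024, length 0
"""

# Assumption: the LAN being captured. Adjust to the network behind the firewall.
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")

# Placeholder allowlist: ranges the admin has confirmed belong to a vendor whose
# update/telemetry traffic is expected. 203.0.113.0/24 is documentation space
# standing in for a real published vendor range.
KNOWN_VENDOR_RANGES = [ipaddress.ip_network("203.0.113.0/24")]

LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)


def parse_capture(text):
    """Turn tcpdump lines into dicts; lines that do not match are skipped."""
    flows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            d = m.groupdict()
            d["sport"], d["dport"] = int(d["sport"]), int(d["dport"])
            flows.append(d)
    return flows


def summarize(flows):
    """Per remote address: direction(s), ports touched, unsolicited inbound SYNs."""
    summary = {}
    for f in flows:
        src, dst = ipaddress.ip_address(f["src"]), ipaddress.ip_address(f["dst"])
        if src in LOCAL_NET and dst not in LOCAL_NET:
            remote, direction = dst, "outbound"
        elif dst in LOCAL_NET and src not in LOCAL_NET:
            remote, direction = src, "inbound"
        else:
            continue  # LAN-to-LAN or transit traffic is out of scope here
        info = summary.setdefault(
            str(remote), {"directions": set(), "ports": Counter(), "inbound_syn": 0, "packets": 0}
        )
        info["packets"] += 1
        info["directions"].add(direction)
        if direction == "outbound":
            info["ports"][f["dport"]] += 1          # remote service the LAN host asked for
        elif f["flags"] == "S":
            info["inbound_syn"] += 1                # pure SYN from outside: nobody asked
            info["ports"][f["dport"]] += 1          # local port being probed
    return summary


def classify(summary):
    """Label each remote address for the analyst who will follow up with cports/procmon."""
    verdicts = {}
    for remote, info in summary.items():
        addr = ipaddress.ip_address(remote)
        known = any(addr in net for net in KNOWN_VENDOR_RANGES)
        if info["inbound_syn"] and "outbound" not in info["directions"]:
            verdict = "unsolicited inbound connection attempts"
        elif "outbound" in info["directions"] and known:
            verdict = "host-initiated traffic to a known vendor range"
        elif "outbound" in info["directions"]:
            verdict = "host-initiated traffic to an unknown address"
        else:
            verdict = "inbound replies only"
        verdicts[remote] = verdict
    return verdicts


if __name__ == "__main__":
    summary = summarize(parse_capture(SAMPLE_CAPTURE))
    for remote, verdict in classify(summary).items():
        ports = ", ".join(str(p) for p in sorted(summary[remote]["ports"]))
        print(f"{remote:15} {summary[remote]['packets']:3} pkts  ports {ports:12} -> {verdict}")
```

Traffic the LAN host initiated toward an allowlisted range is the candidate for the "software phoning home" explanation, and the next step is identifying the local process with cports or procmon; inbound SYNs from an address nothing on the LAN talked to first are the ones where the IPS alert deserves the support ticket rather than an exception.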