[7.880][BUG][FIXED] FYI: Snort blocking my avatar on astaro.org

For some reason, snort thinks my avatar on this site is malicious and blocks it[:)]

Message........: WEB-CLIENT Windows Media Player directory traversal via Content-Disposition attempt
Details........: Snort ::
Time...........: 2010:02:27-22:34:30
Packet dropped.: yes
Priority.......: 1high
Classification.: Attempted User Privilege Gain IP protocol....: 6 (TCP)

Source IP address: 85.115.22.9
- Where are my results?
- Query the RIPE Database
- ARIN: WHOIS Database Search
- APNIC - Query the APNIC Whois Database
Source port: 80 (http)
Destination IP address: 192.168.0.10

Parents

0 kbr over 15 years ago

AFAICT the "not showing any images on images.google.com" is totally unrelated.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Billybob over 15 years ago in reply to kbr

I am not too sure if it is unrelated. Last night I was trying to update my tomtom and got the exact same error. The reason I say that is because the file I was downloading was a multi part archive and the proxy informed me of that. So snort didn't have a problem with proxy downloading it initially but when I bypassed the proxy and tried downloading it directly, snort caught it with the same error as in the original post.

Lets just close this thread and hopefully it will be fixed when the proxy problem is fixed.

Regards
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 kbr over 15 years ago in reply to Billybob

Lets just close this thread and hopefully it will be fixed when the proxy problem is fixed.

You're probably right. It'll be tracked as two separate issues though, because i want our IPS guy to take a look. Blocking images from out own forum is... funny.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 kbr over 15 years ago in reply to Billybob

Lets just close this thread and hopefully it will be fixed when the proxy problem is fixed.

You're probably right. It'll be tracked as two separate issues though, because i want our IPS guy to take a look. Blocking images from out own forum is... funny.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

0 Billybob over 15 years ago in reply to kbr
Ok this is still going on with newer version. I think I have narrowed it down a little to the setup that causes this.
This is my setup, transparent proxy on, http allow any rule in packet filter for all the tests. Ofcourse IPS is enabled for everything also.

1. No problems with just transparent proxy enabled.
2. No problems with transparent proxy off and just packet filter http traffic.
3. Snort blocking traffic if I add just my PC to the advanced-->skip transparent mode hosts/net.
Message........: WEB-CLIENT Windows Media Player directory traversal via Content-Disposition attempt
Details........: www.snort.org/.../3192
Time...........: 2010:03:07-11:43:29
Packet dropped.: yes
Priority.......: 1high
Classification.: Attempted User Privilege Gain IP protocol....: 6 (TCP)

Source IP address: 85.115.22.9
- www.dnsstuff.com/.../ptr.ch
- www.ripe.net/.../whois
- ws.arin.net/.../whois.pl
- cgi.apnic.net/.../whois.pl
Source port: 80 (http)
Destination IP address: 192.168.0.10
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel