Every time I open my NNTP client, I get these 10-20 a minute!:
Intrusion Protection Alert
An intrusion has been detected. The packet has been dropped
automatically.
You can toggle this rule between "drop" and "alert only" in WebAdmin.
Details about the intrusion alert:
Message........: EXPLOIT Apple Quicktime TCP RTSP sdp type buffer
overflow attempt
Details........: http://www.snort.org/pub-bin/sigs.cgi?sid=12741
Time...........: 2008:08:01-07:35:26
Packet dropped.: yes
Priority.......: 1 (high)
Classification.: Attempted User Privilege Gain
IP protocol....: 6 (TCP)
Source IP address: 130.57.5.50
- http://www.dnsstuff.com/tools/ptr.ch?ip=130.57.5.50
- http://www.ripe.net/perl/whois?query=130.57.5.50
- http://ws.arin.net/cgi-bin/whois.pl?queryinput=130.57.5.50
- http://cgi.apnic.net/apnic-bin/whois.pl?search=130.57.5.50
Source port: 119 (nntp)
Destination IP address: 192.168.100.198
- http://www.dnsstuff.com/tools/ptr.ch?ip=192.168.100.198
- http://www.ripe.net/perl/whois?query=192.168.100.198
- http://ws.arin.net/cgi-bin/whois.pl?queryinput=192.168.100.198
- http://cgi.apnic.net/apnic-bin/whois.pl?search=192.168.100.198
Destination port: 49253
This is the Novell, Inc. NNTP server address, and I don't know why ASG thinks this is an intrusion threat, but it's making me crazy :)
Is 12741 the "rule number" so I can make an exception and turn this off?
Thanks.
Danita
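
Added example, not part of the original post: a small Python parser for notifications in the layout shown above, which pulls the Snort signature ID out of the `sid=` parameter of the Details URL and counts alerts per signature and source, so a burst like this can be confirmed as one rule and one server before any exception is written. The function names and the sample text (constructed from the alert in the post) are assumptions of this example.

```python
import re
from collections import Counter
from urllib.parse import urlparse, parse_qs

# Constructed sample: one notification in the layout shown in the post.
SAMPLE = """\
Message........: EXPLOIT Apple Quicktime TCP RTSP sdp type buffer
overflow attempt
Details........: http://www.snort.org/pub-bin/sigs.cgi?sid=12741
Time...........: 2008:08:01-07:35:26
Packet dropped.: yes
Source IP address: 130.57.5.50
- http://www.dnsstuff.com/tools/ptr.ch?ip=130.57.5.50
Source port: 119 (nntp)
Destination IP address: 192.168.100.198
Destination port: 49253
"""

# "Label....: value" with optional dot padding before the first colon.
FIELD = re.compile(r"^([A-Za-z][A-Za-z ]*?)\.*: ?(.*)$")

def parse_alert(text):
    """Return the labelled fields of one notification, plus 'sid'."""
    fields, last = {}, None
    for line in text.splitlines():
        if line.startswith("- "):        # PTR/whois lookup links, not fields
            continue
        m = FIELD.match(line)
        if m:
            last = m.group(1).strip()
            fields[last] = m.group(2).strip()
        elif last and line.strip():      # wrapped continuation of the last value
            fields[last] += " " + line.strip()
    query = urlparse(fields.get("Details", "")).query
    fields["sid"] = parse_qs(query).get("sid", [None])[0]
    return fields

def summarize(alerts):
    """Count notifications per (sid, source IP, source port number)."""
    counts = Counter()
    for text in alerts:
        f = parse_alert(text)
        port = f.get("Source port", "").split(" ")[0]
        counts[(f["sid"], f.get("Source IP address"), port)] += 1
    return counts

if __name__ == "__main__":
    print(summarize([SAMPLE, SAMPLE]))
```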