This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPS Exclusion not working?

I recently added a new TiVo to our home network, and every now and then - presumably when it's downloading new multimedia content - I see a flood of Intrusion Prevention alerts from my UTM9:

Message........: FILE-MULTIMEDIA 3ivx MP4 file parsing cmt buffer overflow attempt

Details........: www.snort.org/.../13318

Time...........: 2013-02-06 04:10:21

Packet dropped.: yes

Priority.......: high

Classification.: Attempted User Privilege Gain

IP protocol....: 6 (TCP)



Source IP address: 72.21.81.253 

Source port: 80 (http)

Destination IP address: 192.168.0.115 

Destination port: 34822

I know I could just disable this specific rule, but I would like to keep that protection in place for the rest of the network, so I tried to exclude IPS processing for traffic bound for that particular device.

Under Network --> Intrusion Prevention --> Exceptions, I created a new rule with

Skip these checks: Intrusion Prevention

Going to these destinations: TiVo (192.168.0.115)

saved it, and marked it active.

But the alerts continue to arrive. Am I missing something, or is this not working as designed?

This thread was automatically locked due to age.

Parents

0 BAlfson over 12 years ago

I haven't seen that problem before. 13318 is five years old, so, unless you have an old XP machine with an unpatched version of Windows Media Player, the easiest thing would seem to be just disabling this rule.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BAlfson over 12 years ago

I haven't seen that problem before. 13318 is five years old, so, unless you have an old XP machine with an unpatched version of Windows Media Player, the easiest thing would seem to be just disabling this rule.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data