This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPS Exclusion not working?

I recently added a new TiVo to our home network, and every now and then - presumably when it's downloading new multimedia content - I see a flood of Intrusion Prevention alerts from my UTM9:

Message........: FILE-MULTIMEDIA 3ivx MP4 file parsing cmt buffer overflow attempt

Details........: www.snort.org/.../13318

Time...........: 2013-02-06 04:10:21

Packet dropped.: yes

Priority.......: high

Classification.: Attempted User Privilege Gain

IP protocol....: 6 (TCP)



Source IP address: 72.21.81.253 

Source port: 80 (http)

Destination IP address: 192.168.0.115 

Destination port: 34822

I know I could just disable this specific rule, but I would like to keep that protection in place for the rest of the network, so I tried to exclude IPS processing for traffic bound for that particular device.

Under Network --> Intrusion Prevention --> Exceptions, I created a new rule with

Skip these checks: Intrusion Prevention

Going to these destinations: TiVo (192.168.0.115)

saved it, and marked it active.

But the alerts continue to arrive. Am I missing something, or is this not working as designed?

This thread was automatically locked due to age.

Parents

0 JonEtkins over 12 years ago

Yes, 9.004-33. I haven't applied -34 since the release notes say it's only relevant for cluster or HA environments.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 JonEtkins over 12 years ago

Yes, 9.004-33. I haven't applied -34 since the release notes say it's only relevant for cluster or HA environments.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 usmcflyr over 11 years ago in reply to JonEtkins

I have the same issue… running 8.312

I've had to modify sid: 12183, 13320, 13318, 13316, 13319, 17203, 4679, and 13917

Don't know why the exception to the individual networks (smart tv, directv, etc) won't work.
Cancel
Vote Up 0 Vote Down

Cancel