[Snort-users] cve cve[snort] MISC UPnP malformed advertisement ?!?!?!

Andre Cameron andrec at ...9609...
Sat Jul 5 11:31:02 EDT 2003


Hi,

My router is at 192.168.1.1 it is a Linksys and my server is at 
192.168.1.111 and for some reason I keep getting these alerts (100's of em!)

         #0-(1-2110) 
<http://cydock.gotdns.com:8090/acid/acid_qry_alert.php?submit=%230-%281-2110%29&sort_order=> 
      cve bugtraq bugtraq cve[snort 
<http://www.snort.org/snort-db/sid.html?sid=1807>] WEB-MISC 
Transfer-Encoding: chunked       2003-07-05 18:33:15       192.168.1.111 
<http://cydock.gotdns.com:8090/acid/acid_stat_ipaddr.php?ip=192.168.1.111&netmask=32>:8090 
      192.168.1.1 
<http://cydock.gotdns.com:8090/acid/acid_stat_ipaddr.php?ip=192.168.1.1&netmask32>:39274 
      TCP   
         #1-(1-2108) 
<http://cydock.gotdns.com:8090/acid/acid_qry_alert.php?submit=%231-%281-2108%29&sort_order=> 
      cve cve[snort <http://www.snort.org/snort-db/sid.html?sid=1384>] 
MISC UPnP malformed advertisement       2003-07-05 18:32:57       
192.168.1.1 
<http://cydock.gotdns.com:8090/acid/acid_stat_ipaddr.php?ip=192.168.1.1&netmask=32>:1901 
      239.255.255.250 
<http://cydock.gotdns.com:8090/acid/acid_stat_ipaddr.php?ip=239.255.255.250&netmask32>:1900 
      UDP


Any one have any clue whats making all these fals positives and get 
snort to stop?  Is there an ignore file some where to put IP's to ignore?

aNc





More information about the Snort-users mailing list