[Snort-users] Question about 'FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0458 attack attempt'

agustin larrarte thrudebian at gmail.com
Tue Nov 14 11:24:38 EST 2017


Actually, I found this site
https://www.talosintelligence.com/reports/TALOS-2017-0458 for this alert.

It seems the alert is related to software named Photoline 20.02 and a
specially formatted file. I am guessing that, since this software runs on Windows
and Mac and both the source and destination of the alerts are Linux servers,
this should be a false positive? I wonder what triggered the alert.

Thank you.

On Tue, Nov 14, 2017 at 1:20 PM, agustin larrarte <thrudebian at gmail.com>
wrote:

> Hello!
>
> Can anyone tell me if this alert is indeed a real alert?  I can't seem to
> find this rule on the TALOS site.
>
> What is this supposed to be reporting?
>
> I have included a pcap that was created when Snort triggered the alert.
>
> src of the attack is 10.70.254.7
> dst of the attack is 10.70.189.250
>
> Thank you as always!!
>