[Snort-users] Question about 'FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0458 attack attempt'
thrudebian at gmail.com
Tue Nov 14 11:24:38 EST 2017
Actually, I found this site
https://www.talosintelligence.com/reports/TALOS-2017-0458 for this alert.
It seems the alert is related to a software named Photoline 20.02 and a
specially formatted file. I am guessing since this software runs on Windows
and Mac and both the source and destination of the alerts are Linux servers,
this should be a false positive? I wonder what triggered the alert.
On Tue, Nov 14, 2017 at 1:20 PM, agustin larrarte <thrudebian at gmail.com> wrote:
> Can anyone tell me if this alert is indeed a real alert? I can't seem to
> find this rule on the TALOS site.
> What is this supposed to be reporting?
> I have included a pcap that was created when Snort triggered the alert.
> Src of the attack is 10.70.254.7
> Dst of the attack is 10.70.189.250
> Thank you as always!!