[Snort-users] Question about 'FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0458 attack attempt'

agustin larrarte thrudebian at gmail.com
Tue Nov 14 11:20:33 EST 2017


Hello!

Can anyone tell me if this alert is indeed a real alert?  I can't seem to
find this rule on TALOS site.

what is this supposed to be reporting?

I have included a pcap that was created when snort triggered the alert

src of the attack is 10.70.254.7
dst of the attack is 10.70.189.250

thank you as always!!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20171114/2ebe7c6b/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: tcpdump.log.1510599922
Type: application/octet-stream
Size: 198382 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20171114/2ebe7c6b/attachment.obj>


More information about the Snort-users mailing list