Re: MISC UPnp malformed advertisement

["Joel Esler \(jesler\) via Snort-users" <snort-users () lists snort org>]

Wow.  I have no idea what ruleset you are using, but you should definitely update to the most current on 
Snort.org/downloads<http://Snort.org/downloads>

Sent from my iPad

On Sep 18, 2018, at 11:34 AM, ThyNgon Tran via Snort-users <snort-users () lists snort org<mailto:snort-users () lists 
snort org>> wrote:

Hello there,

I am new to IDS in general.  Just installed snort on my home network and found out tons of UPnP broadcasting traffics 
from an EPSON Artisan 837 printer and a Verizon top box. About 5 broadcast messages from each device showed like every 
sec. Are these normal traffics?  I think there is a malware on the printer.  I am about to upgrade the printer firmware 
but not sure what to do with the verizon topbox.

Has anyone run into this before?  Thanks!


--
ThyNgon Tran
https://vbc.cyburi.com
faster, higher, and stronger
_______________________________________________
Snort-users mailing list
Snort-users () lists snort org<mailto:Snort-users () lists snort org>
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

   To unsubscribe, send an email to:
   snort-users-leave () lists snort org<mailto:snort-users-leave () lists snort org>

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

        To unsubscribe, send an email to:
        snort-users-leave () lists snort org

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette