Snort mailing list archives

Re: Question about 'FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0458 attack attempt'

From: agustin larrarte via Snort-users <snort-users () lists snort org>
Date: Tue, 14 Nov 2017 13:24:38 -0300

actually, i found this site
https://www.talosintelligence.com/reports/TALOS-2017-0458 for this alert

it seems the alert is related to a software named Photoline 20.02 and a
specially formatted file. I am guessing since this software runs on windows
and mac and both the source and destination the alerts are linux server,
this should be a false positive? I wonder what triggered the alert.

thank you.

On Tue, Nov 14, 2017 at 1:20 PM, agustin larrarte <thrudebian () gmail com>
wrote:

Hello!

Can anyone tell me if this alert is indeed a real alert?  I can't seem to
find this rule on TALOS site.

what is this supposed to be reporting?

I have included a pcap that was created when snort triggered the alert

src of the attack is 10.70.254.7
dst of the attack is 10.70.189.250

thank you as always!!

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Current thread:

Question about 'FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0458 attack attempt' agustin larrarte via Snort-users (Nov 20)
- Re: Question about 'FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0458 attack attempt' agustin larrarte via Snort-users (Nov 14)
  - Re: Question about 'FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0458 attack attempt' Joel Esler (jesler) via Snort-users (Nov 14)
    - Re: Question about 'FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0458 attack attempt' agustin larrarte via Snort-users (Nov 20)
    - Re: Question about 'FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0458 attack attempt' Joel Esler (jesler) via Snort-users (Nov 15)