Alerts from "Signal Android App"!

denis_ju · Mar 16, 2021, 4:20 PM

hi everybody,

while on a phone call today, saw some messages in snort from an android signal app.

Anybody know if those alerts are false positive and have to ignore it?

NollipfSense · Mar 17, 2021, 1:36 AM

@denis_ju I would guess false positive; however, as admin for your network only you can determine ... have you looked up each IP to see whether they're associated with Signal or Android?

denis_ju · Mar 17, 2021, 8:15 AM

Again warnings for the next call to Signal App.

@denis_ju

denis_ju · Mar 17, 2021, 8:51 AM

@nollipfsense I did a live monitoring before and during the conversation with Signal App on Android phone.

IP's are changing every time on every conversation, even if i try to change from a voice call to video call. And the warnings continue.

Mostly IP's until now come from "amazona ws", "vodafone albania", "ProXad/Free SAS, France".

NollipfSense · Mar 17, 2021, 8:43 PM

@denis_ju Android and Google have many different IPs so you'll continue to receive different ones. Are you or the other party using Vodaphone and is in France or Albania? Signal is very robust and that's what I use as well.

denis_ju · Mar 23, 2021, 4:39 AM

@nollipfsense Neither me nor the other side uses vodafone.
I spoke for Vodafone Albania not in France.

Do I have to deactivate these "Conficker Rules"?

NollipfSense · Mar 23, 2021, 4:39 AM

@denis_ju said in Alerts from "Signal Android App"!:

I spoke for Vodafone Albania not in France.

I do not understand this statement after reading your first. I would check out all destination IPs in the above image before disabling ... do a whois and reverse IP ... you can use Google to look up each ET Trojan above ... welcome to IDS/IPS.