Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    (portscan) UDP Portscan Blocking Google Music and Webcam updates

    Scheduled Pinned Locked Moved IDS/IPS
    3 Posts 2 Posters 389 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      rcmpayne
      last edited by

      I am starting to see some issues with devices in my house, and it seems that snort is blocking them. When I allow the snort rule or delete the block list the devices start working again. 1) Google Music on my Mi Box stops at times and just spins. 2) My Mi Cam webcams try to take an update and fail. IN all cases, I see a UDP outbound block by snort.

      The name UDP port scans kind of scars me here so not sure if I should allow 122:17 or not. i have 3 cams and 3 android boxes and its starting to drive me nuts thoughts?

      2018-03-25
      12:23:06 2 Attempted Information Leak 52.221.175.232
          142.134.95.107
        122:17
        (portscan) UDP Portscan
      2018-03-25
      11:51:04 2 Attempted Information Leak 173.194.185.234
          142.134.95.107
        122:17
        (portscan) UDP Portscan

      1 Reply Last reply Reply Quote 0
      • bmeeksB
        bmeeks
        last edited by

        @rcmpayne:

        I am starting to see some issues with devices in my house, and it seems that snort is blocking them. When I allow the snort rule or delete the block list the devices start working again. 1) Google Music on my Mi Box stops at times and just spins. 2) My Mi Cam webcams try to take an update and fail. IN all cases, I see a UDP outbound block by snort.

        The name UDP port scans kind of scars me here so not sure if I should allow 122:17 or not. i have 3 cams and 3 android boxes and its starting to drive me nuts thoughts?

        2018-03-25
        12:23:06 2 Attempted Information Leak 52.221.175.232
            142.134.95.107
          122:17
          (portscan) UDP Portscan
        2018-03-25
        11:51:04 2 Attempted Information Leak 173.194.185.234
            142.134.95.107
          122:17
          (portscan) UDP Portscan

        Portscan is very finicky and in my opinion the benefit is not worth the headaches it causes.  Disable those rules or else turn off the portscan preprocessor on the PREPROCESSORS tab.  You can easily disable those rules by clicking the red X in the GID:SID column on the ALERTS tab in one of the rows containing that rule.

        Bill

        1 Reply Last reply Reply Quote 0
        • R
          rcmpayne
          last edited by

          Thanks, I've disabled it for udp and tcp.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.