(portscan) UDP Portscan Blocking Google Music and Webcam updates



  • I am starting to see some issues with devices in my house, and it seems that Snort is blocking them. When I allow the Snort rule or delete the block list, the devices start working again. 1) Google Music on my Mi Box stops at times and just spins. 2) My Mi Cam webcams try to take an update and fail. In all cases, I see a UDP outbound block by Snort.

    The name UDP port scans kind of scares me here, so I'm not sure if I should allow 122:17 or not. I have 3 cams and 3 Android boxes and it's starting to drive me nuts. Thoughts?

    2018-03-25 12:23:06  2  Attempted Information Leak  52.221.175.232  142.134.95.107  122:17  (portscan) UDP Portscan
    2018-03-25 11:51:04  2  Attempted Information Leak  173.194.185.234  142.134.95.107  122:17  (portscan) UDP Portscan



  • @rcmpayne:

    I am starting to see some issues with devices in my house, and it seems that Snort is blocking them. When I allow the Snort rule or delete the block list, the devices start working again. 1) Google Music on my Mi Box stops at times and just spins. 2) My Mi Cam webcams try to take an update and fail. In all cases, I see a UDP outbound block by Snort.

    The name UDP port scans kind of scares me here, so I'm not sure if I should allow 122:17 or not. I have 3 cams and 3 Android boxes and it's starting to drive me nuts. Thoughts?

    2018-03-25 12:23:06  2  Attempted Information Leak  52.221.175.232  142.134.95.107  122:17  (portscan) UDP Portscan
    2018-03-25 11:51:04  2  Attempted Information Leak  173.194.185.234  142.134.95.107  122:17  (portscan) UDP Portscan

    Portscan is very finicky and in my opinion the benefit is not worth the headaches it causes.  Disable those rules or else turn off the portscan preprocessor on the PREPROCESSORS tab.  You can easily disable those rules by clicking the red X in the GID:SID column on the ALERTS tab in one of the rows containing that rule.

    Bill



  • Thanks, I've disabled it for udp and tcp.