Alerts from "Signal Android App"!
-
hi everybody,
while on a phone call today, saw some messages in snort from an android signal app.
Anybody know if those alerts are false positive and have to ignore it?
-
@denis_ju I would guess false positive; however, as admin for your network only you can determine ... have you looked up each IP to see whether they're associated with Signal or Android?
-
Again warnings for the next call to Signal App.
-
@nollipfsense I did a live monitoring before and during the conversation with Signal App on Android phone.
IP's are changing every time on every conversation, even if i try to change from a voice call to video call. And the warnings continue.
Mostly IP's until now come from "amazona ws", "vodafone albania", "ProXad/Free SAS, France".
-
@denis_ju Android and Google have many different IPs so you'll continue to receive different ones. Are you or the other party using Vodaphone and is in France or Albania? Signal is very robust and that's what I use as well.
-
@nollipfsense Neither me nor the other side uses vodafone.
I spoke for Vodafone Albania not in France.Do I have to deactivate these "Conficker Rules"?
-
@denis_ju said in Alerts from "Signal Android App"!:
I spoke for Vodafone Albania not in France.
I do not understand this statement after reading your first. I would check out all destination IPs in the above image before disabling ... do a whois and reverse IP ... you can use Google to look up each ET Trojan above ... welcome to IDS/IPS.
