Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Can someone explain why this rule gets triggered by Snort 3:19187?

    Scheduled Pinned Locked Moved IDS/IPS
    41 Posts 4 Posters 6.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      rasputinthegreatest @rasputinthegreatest
      last edited by rasputinthegreatest

      @rasputinthegreatest I realized I had packet captures enabled. I found this in Wireshark:

      192.168.179.1	192.168.1.73	DNS	158	Standard query response 0x6ffc HTTPS chrome.cloudflare-dns.com HTTPS
      

      Doesn't tell me much though. Still makes no sense to me how this connection could happen and be captured.

      I saw this IP in the packet capture with an insane AV detection rate and IDS warnings on this website:
      https://otx.alienvault.com/indicator/ip/172.64.41.3

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.