Snort blocking Exchange Push/Android
-
Hello!
All of a sudden snort isn't liking my Android getting push updates from my Exchange 2003 server.
I'm seeing the following in my snort logs:
1 2 TCP DOS Microsoft IIS 7.5 client verify null pointer attempt Attempted Denial of Service 69.171.160.187 52928 -> <my internet ip> 443 1:17750:6 01/16-17:36:26
Since my Android phone goes through a lot of different IP addresses in a day, I can't whitelist the listed IP (above). What do other people do to get around this w/o disabling this rule? Am I ultimately going to have to disable/suppress this rule?
Thanks
AWS
-
Include these rules on snort suppression tab
https://www.youtube.com/watch?v=uQ7OrxtiAes
-
Thanks for your suggestion. I applied a suppression.
Can I add comments to my suppression list by putting a '#' in front of the text I want to add as a note?
For example, can I do this in my suppression list:
suppress gen_id 1, sig_id 17750 # disable DOS Microsoft IIS 7.5 client verify null pointer attempt (Android/Exchange)
so I can tell why I added that suppression? The character may not be a # but anything… ?
AWS
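
Added example, not part of the thread: a suppression entry for this SID that is limited to one destination, with the note kept on its own lines starting with '#', which is the comment form Snort configuration files use. The address 203.0.113.10 is a constructed placeholder for whatever address Snort sees as the destination of the phone's connections to port 443.

```conf
# Added example. 203.0.113.10 is a constructed placeholder; replace it with
# the destination address shown in the alert for the Exchange server.

# Broad form used in the thread: silences SID 17750 for every source and
# every destination this sensor watches (shown commented out for comparison).
# suppress gen_id 1, sig_id 17750

# Narrower form: silence SID 17750 only when the destination is the
# Exchange server, so the rule still alerts for any other host.
# Note: alert seen on Android push updates from Exchange 2003
# ("DOS Microsoft IIS 7.5 client verify null pointer attempt").
suppress gen_id 1, sig_id 17750, track by_dst, ip 203.0.113.10
```

Because the phone's source address keeps changing, tracking by destination is the option that fits here; `track by_src` would need the addresses the poster says cannot be listed.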