Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

False positive in sig 3550

Using eudora and Secure Pop we are getting false positives on signature 3550.

You can tell in the Hex output that the traffic is encrypted.

Any thoughts on how I could tune this to not generate false positives?

thanks,

geoff

here is a log snip:

NEWLOG.log.200309302317:4,5247951,2003/10/01,06:22:40,2003/09/30,23:22:40,10008,3,100,OUT,IN,5,3550,0,TCP/IP,68.xxx.yyy.zzz,www.xxx.yyy.zzz,1085,110,0.0.0.0,pop buffer overflow,CEA33AE83434C0BC8916FB9A782419CA7CD49D7476802B1C01D5E4A26418CF91F692222A5A69E8EB4C372200F2C42844EE31E314AB461090C4C52D6104CB60F50875C88F12E7F22D1AC79CF0EC2330B70998BB811BA615E4CA921F925FEBABAA3CFBA80FE7A8171DD5A51A500914CE1496557A8BAD6742A09816953951D58E140300000101160300004052FA6106A71EB5C8EA7F1C465C2FB6A48BCB08C935E577E61B984723B92FBC259D42F53ECFC2D95AF3C8FD407696796E0EA8C1B55BF81A5F8B98700BB8F3B91917030000285E5FF7D269C48E4DD14BE9C0D7EDD848115C784825A74A797DD98A53189D4CE4304D9F4CC0751DA9170300002831865F0AZZ1911B8D3C7A0B4034026023E099CE112B3D15AF637A5B76103B65B16693BC644080C88530C6B9749C73E35DC6CB9BBAADF5CBB3A2F9360B6A94B4DF220F7CD5F7F647B8EDC005CD7FA77CA3916596F0EEAD3B5837F4D4D425676B4C95F04F838F8EBD25F755FCD7BFCE58E807CFC5016030000040E00000014030000010116030000401CD437D0D11D69FD8C51A6CF125F17D3C0B2F741EBCDF31701C911323187D8C24EEA46FAA1B7D8D434E615F4B9DC90DE6DC99328F04DD9051B04A125A378EC881703000038C85FAC685D177880F944450D393806F8F6F87D4BEA1E4FC05479030D4D48F23B56FEF2B5D9D42204B77B1C8F0C36D0B780062CF1B68C1F53

1 REPLY
Bronze

Re: False positive in sig 3550

The vulnerability for 3550 is quite old. I would recommend that you filter out the server as a destination if you're sure it's not a vulnerable version of POP.

89
Views
0
Helpful
1
Replies