I recently added a new TiVo to our home network, and every now and then - presumably when it's downloading new multimedia content - I see a flood of Intrusion Prevention alerts from my UTM9:
I know I could just disable this specific rule, but I would like to keep that protection in place for the rest of the network, so I tried to exclude IPS processing for traffic bound for that particular device.
Under Network --> Intrusion Prevention --> Exceptions, I created a new rule with
saved it, and marked it active.
But the alerts continue to arrive. Am I missing something, or is this not working as designed?
Code:
Message........: FILE-MULTIMEDIA 3ivx MP4 file parsing cmt buffer overflow attempt
Details........: http://www.snort.org/search/sid/13318?r=1
Time...........: 2013-02-06 04:10:21
Packet dropped.: yes
Priority.......: high
Classification.: Attempted User Privilege Gain
IP protocol....: 6 (TCP)
Source IP address: 72.21.81.253
Source port: 80 (http)
Destination IP address: 192.168.0.115
Destination port: 34822Under Network --> Intrusion Prevention --> Exceptions, I created a new rule with
Code:
Skip these checks: Intrusion Prevention
Going to these destinations: TiVo (192.168.0.115)But the alerts continue to arrive. Am I missing something, or is this not working as designed?