stratosphereips / StratosphereLinuxIPS

Slips, a free software behavioral Python intrusion prevention system (IDS/IPS) that uses machine learning to detect malicious behaviors in the network traffic. Stratosphere Laboratory, AIC, FEL, CVUT in Prague.

Add to whitelist to ignore port 5353 of the multicast of the p2p, because it is being detected in this evidence "Connecting to private IP" #620

Open AlyaGomaa opened 3 months ago

AlyaGomaa commented 3 months ago

In the p2p

2024-03-12T12:22:38.333895+00:00 (TW 1): Src IP x. Detected Connecting to private IP: 172.16.2.5 on destination port: 5353 threat level: info.
2024-03-12T12:22:38.333895+00:00 (TW 1): Src IP x Detected Connecting to private IP: 172.16.2.5 on destination port: 5353 threat level: info.

Solution: Whitelist the port 5353/UDP and the IP address used by the p2p module (not sure which one it was).

Created by Alya Gomaa via monday.com integration. 🎉
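An added example, not part of the issue and not Slips code or its whitelist format: a post-filter over evidence lines in the quoted format, showing how a rule scoped to port 5353 plus the p2p address differs from a port-only rule, which also hides other private-IP connections on 5353. All names are hypothetical, and `P2P_ADDRS` is an assumed value, since the issue does not say which address the p2p module uses. The evidence text carries no protocol, so the UDP condition cannot be checked at this level.

```python
import ipaddress
import re

# Matches the evidence format quoted in the issue (source IP may be redacted).
EVIDENCE_RE = re.compile(
    r"Src IP (?P<src>\S+?)\.? +Detected Connecting to private IP: "
    r"(?P<dst>\S+) on destination port: (?P<port>\d+)"
)

# Assumption: the p2p module's address. The issue does not say which one it
# is; 172.16.2.5 is only the destination seen in the quoted evidence.
P2P_ADDRS = {ipaddress.ip_address("172.16.2.5")}
P2P_PORT = 5353


def is_suppressed(line, scope_to_p2p_addrs=True):
    """Return True if the line is p2p 'Connecting to private IP' noise."""
    m = EVIDENCE_RE.search(line)
    if not m or int(m["port"]) != P2P_PORT:
        return False
    if not scope_to_p2p_addrs:
        return True  # port-only rule: hides every private-IP hit on 5353
    try:
        return ipaddress.ip_address(m["dst"]) in P2P_ADDRS
    except ValueError:
        return False  # unparsable destination: keep the alert


def filter_evidence(lines, scope_to_p2p_addrs=True):
    """Keep only the lines that should still be reported."""
    return [l for l in lines if not is_suppressed(l, scope_to_p2p_addrs)]


# Constructed sample lines in the issue's format; addresses other than 172.16.2.5 are made up.
SAMPLE = [
    "2024-03-12T12:22:38.333895+00:00 (TW 1): Src IP 10.0.0.7. Detected Connecting to private IP: 172.16.2.5 on destination port: 5353 threat level: info.",
    "2024-03-12T12:22:39.000000+00:00 (TW 1): Src IP 10.0.0.7. Detected Connecting to private IP: 172.16.2.9 on destination port: 5353 threat level: info.",
    "2024-03-12T12:22:40.000000+00:00 (TW 1): Src IP 10.0.0.7. Detected Connecting to private IP: 172.16.2.5 on destination port: 445 threat level: info.",
    "2024-03-12T12:22:41.000000+00:00 (TW 1): Src IP x Detected Connecting to private IP: 172.16.2.5 on destination port: 5353 threat level: info.",
]

if __name__ == "__main__":
    for line in filter_evidence(SAMPLE):
        print(line)
```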

AlyaGomaa commented 3 months ago

requires https://github.com/stratosphereips/StratosphereLinuxIPS/issues/490 to be done first