Author Topic: MIOS probing internal network???  (Read 1383 times)

Offline mikewooduk

  • Full Member
  • Posts: 147
  • Karma: +1/-1
MIOS probing internal network???
« on: August 23, 2014, 01:29:15 pm »
All,

Has anyone seen the following behaviour before? I have traced the attack back to the ISP HE (Hurricane Electric), and the IP is registered to MIOS:

At time : 2014-08-23 18:13:52
Intrusion Prevention System detected attack : EXPLOIT Photodex ProShow Producer 5.0.3256 load File Handling Buffer Overflow .
The action is : drop

More information about this attack:
Category : Exploit
Protocol : tcp
Client IP : 192.168.1.104    Client Port : 46805
Server IP : 65.49.38.12    Server Port : 443
My Netgear UTM went full defensive due to the nature of the exploit. Has MIOS/MiCasaVerde been hacked? Please note the date/time stamp is UK GMT+1.

Any thoughts or opinions welcomed.

Many thanks,

Mike

Offline Z-Waver

  • Master Member
  • Posts: 4437
  • Karma: +249/-120
Re: MIOS probing internal network???
« Reply #1 on: August 23, 2014, 03:06:24 pm »
This is a false positive from your Netgear UTM. It sees SSL traffic from Vera (192.168.1.104?) that the UTM is interpreting as traffic coming from an exploited copy of Photodex ProShow Producer 5.0.3256.

Photodex ProShow Producer 5.0.3256 is a Windows XP/7 program that cannot run on Vera, so it's rather unlikely that Vera has been compromised in this case. If I were you, I'd create an exception or disable that signature on the Netgear UTM or whatever the procedure is for it.

#NOT_Hacked
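The reasoning in Z-Waver's reply (an internal host opened the connection outbound, the destination is a TLS port, and the signature is for a Windows desktop program that cannot run on Vera) can be written down as a small triage check so the next alert of this shape gets the same analysis. The following Python is an added example, not code from the thread or from Netgear or MIOS. The alert text is a constructed sample in the shape quoted in the first post; the vendor prefix table and the 65.49.38.0/24 range are assumptions built around the address in the thread, not a verified MIOS allocation; and the list of Windows-only signature keywords is seeded only with the signature from this thread.

```python
import ipaddress
import re

# Constructed sample alert, shaped like the Netgear UTM notification quoted in the first post.
SAMPLE_ALERT = """\
At time : 2014-08-23 18:13:52
Intrusion Prevention System detected attack : EXPLOIT Photodex ProShow Producer 5.0.3256 load File Handling Buffer Overflow .
The action is : drop

More information about this attack:
Category : Exploit
Protocol : tcp
Client IP : 192.168.1.104    Client Port : 46805
Server IP : 65.49.38.12    Server Port : 443
"""

# Hypothetical allowlist of cloud-service prefixes the controller is expected to talk to.
# The /24 is an assumption around the address in the thread, not a verified MIOS range.
KNOWN_VENDOR_PREFIXES = {
    "MIOS/Vera cloud (assumed)": ipaddress.ip_network("65.49.38.0/24"),
}

# Ports on which the payload is encrypted, so byte-pattern IPS matches are unreliable.
TLS_PORTS = {443, 8443}

# Signature keywords for software that only runs on Windows (seeded from this thread).
WINDOWS_ONLY_SIGNATURE_KEYWORDS = ("Photodex ProShow",)

FIELD_RE = re.compile(r"^(?P<key>[A-Za-z ]+?)\s*:\s*(?P<value>.+?)\s*$")


def parse_alert(text):
    """Parse 'Key : value' lines; the Client/Server lines carry two fields each."""
    fields = {}
    for line in text.splitlines():
        # "Client IP : x    Client Port : y" is split on runs of two or more spaces.
        for chunk in re.split(r"\s{2,}", line.strip()):
            m = FIELD_RE.match(chunk)
            if m:
                fields[m.group("key").strip()] = m.group("value")
    return fields


def triage(fields, host_is_linux_controller=True):
    """Classify the flagged flow and list the reasons it does or does not look like a false positive."""
    client = ipaddress.ip_address(fields["Client IP"])
    server = ipaddress.ip_address(fields["Server IP"])
    server_port = int(fields["Server Port"])
    signature = fields.get("Intrusion Prevention System detected attack", "")

    reasons = []
    # Direction: a private client talking to a public server is an outbound session the LAN host started.
    outbound = client.is_private and not server.is_private
    if outbound:
        reasons.append(f"internal host {client} initiated the session; nothing probed the LAN from outside")

    tls_dest = server_port in TLS_PORTS
    if tls_dest:
        reasons.append(f"destination port {server_port} is TLS, so a payload pattern match is unreliable")

    vendor = next((name for name, net in KNOWN_VENDOR_PREFIXES.items() if server in net), None)
    if vendor:
        reasons.append(f"{server} is inside an expected destination range ({vendor})")

    platform_mismatch = host_is_linux_controller and any(k in signature for k in WINDOWS_ONLY_SIGNATURE_KEYWORDS)
    if platform_mismatch:
        reasons.append("signature is for a Windows desktop program that cannot run on the controller")

    # Direction alone is not enough; require two further supporting observations.
    supporting = sum([tls_dest, vendor is not None, platform_mismatch])
    verdict = "likely false positive" if outbound and supporting >= 2 else "needs analyst review"
    return {
        "direction": "outbound" if outbound else "inbound/other",
        "vendor": vendor,
        "verdict": verdict,
        "reasons": reasons,
    }


if __name__ == "__main__":
    result = triage(parse_alert(SAMPLE_ALERT))
    print(result["direction"], "->", result["verdict"])
    for r in result["reasons"]:
        print(" -", r)
```

Run on the sample, the script reports an outbound session and a verdict of "likely false positive", with the same three supporting reasons the reply gives; an alert whose client address is external, or whose destination is neither a TLS port nor an expected vendor range, falls through to "needs analyst review" so it is not silently dismissed.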