Hello, I have an alert for which I would appreciate some information/confirmation:
|"HTTP: Mozilla Firefox Vorbis Audio Residue Codebook Out of Bounds Write Vulnerability"
SIP : 52.x.x.x:80
DIP : 10.x.x.x:37756
direction : inbound
I was under the impression from an earlier question to McAfee that the inbound/outbound direction was determined by the original SYN packet i.e. who initiated the sesssion.
From the above, since the source is a server (port 80) it normally would NOT be the initiator of the session so the direction, "inbound" must have been determined by the SIP/DIP of the IP header. This contradicts my earlier understanding of what "direction" means.
Can someone from McAfee please clarify?
TIA
Solved! Go to Solution.
Hi @ihoratos
To determine direction, the Sensor considers the physical port on which the SYN packet arrives:
• If the SYN packet arrives on the port connected to the inside network, the entire flow is considered
outbound.
• If the SYN packet arrives on the port connected to the outside network, the entire flow is considered
inbound.
Hi @ihoratos
To determine direction, the Sensor considers the physical port on which the SYN packet arrives:
• If the SYN packet arrives on the port connected to the inside network, the entire flow is considered
outbound.
• If the SYN packet arrives on the port connected to the outside network, the entire flow is considered
inbound.
Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA