Snort rule 1:9790 blocking Konica Minolta printing

oeyhope
Conversationalist

Hi

As of today I had problems with all my Konica Minolta printers and their Universal printer driver. None would print. I see traffic being blocked on the Meraki MX by Snort rule 1:9790 (HP-UX lpd command execution attempt).

I had to whitelist it to get printing working again.

TechNick92
Here to help

Hi, we got the same issue and already raised a ticket. But on our systems this event was whitelisted about a year ago and nothing changed. There seems to be something very wrong with IDS, as there are more threads about IDS - https://community.meraki.com/t5/Security-SD-WAN/Security-Center/td-p/224281

I'm a bit worried seeing IDS events allowed out of nowhere and whitelisted events getting blocked.

Kind regards

TechNick92
Here to help

Sorry for the late reply. I got a reply on my ticket yesterday evening.
"I checked that for you and it looks like this is a known issue on our side where some of the whitelisted IDs are still getting blocked.

Our engineering team is working on a solution for it and I will update you as soon as I hear from them."

No solution so far and the printers are still not working 😞

dstewart
Here to help

I had a similar issue yesterday with 1:30507 (SERVER-OTHER MiniUPnPd ExecuteSoapAction buffer overflow attempt).

This blocked features in our ERP. I had to whitelist it to get business working.

This traffic had never been blocked before the latest Snort update that was pushed. Update confirmed via TAC.

TechNick92
Here to help

Today another whitelisted event got blocked. Disabling and re-enabling it made the traffic work again.
The event was "1-15511 Oracle WebLogic Apache Connector buffer overflow attempt".

Legitimate traffic from clients to a license server for a CAD application, which was whitelisted over a year ago.

That's really annoying. Can't check hundreds of firewalls if something is not working as configured ...

BKoh
Just browsing

Same issue here. All our printers are not working, and when I look at 'Security Center' it is blocking a lot of traffic because of Snort rule 1:9790. Not sure what happened, but we are suddenly having this issue. Is this a bug?
