GPL SCAN SolarWinds IP scan attempt

A "GPL scan" is typically performed to ensure that the software being used or distributed complies with the GPL license terms. This scan involves analyzing the source code of the software to identify any GPL-licensed components or dependencies and to verify that the software is being distributed in compliance with the GPL requirements. the alert is triggering a potential malicious scan of the network

Categories:

ID Number

4000587

Signature

alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"GPL SCAN SolarWinds IP scan attempt"; icode:0; itype:8; content:"SolarWinds.Net"; nocase; classtype:network-scan; sid:4000587; rev:7; metadata:created_at 2010_09_23, updated_at 2010_09_23;)

Severity

low

Recommendations/Investigative actions

Authorize the connection. If the connection was approved - archive and baseline the rule. If not - check the connection, If there are internet IP's involved check if there are more alerts that this IP is involved, block the IP's in the FW and investigate the relevant IP address.