Unifi Devices suddenly triggering Snort Malware Alerts

I am rather puzzled. Starting last night I’ve had a large number of Snort Alerts coming from all of my unifi devices.

SID 3-15450 MALWARE-OTHER Conficker C/D DNS traffic detected

This is a rather old SID and I certainly don’t have any vulnerable devices. Also, the alerts are triggered even in the absence of clients, and even by PDU-Pro when it’s the only thing connected to the network.

I have reset the devices with recurrence of this.
I also captured the packets associated with the alerts by unplugging all but one of the devices and eliminating any clients for clarity, and they just seem like unifi telemetry traffic.

I was wondering if anyone has encountered anything like this and whether my network is in trouble. Thanks in advance.

Not using Snort, but false positives are all part of tuning.

I’m guessing you got updated rules and this just happened to be a new trigger. Over the last few years of running the Snort community rules, this has happened to me a few times. Get an update and suddenly a bunch of stuff that was working is now blocked. Click X to add it to the OK list and move on.