Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort fails to start if ignore_scanners contains to many host

    Scheduled Pinned Locked Moved IDS/IPS
    2 Posts 2 Posters 631 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      rcmpayne
      last edited by

      Hello All,

      i have Snort setup with a Alias list for Snort -> WAN -> WAN PreProcs -> Ignore Scanners set to my Alias list from Firewall -> Aliases. Its been working fine but i keep getting blocks by Google over and over and today i got fetup and added all the Google Host CIDRs to my alias list and now snort wlan wont start. It seems that it starts to read the list and when it hits some limit, it adds a ,/, within the snort.conf and fails to start the WLAN interface. Depending on how i add the google ips to the alias, the ,/, entry moves around in the list below.

      Does anyone know of a limit with snort reading from a alias list? do you have any workarounds for me to get this added?

      
Mar 26 21:21:44	php-fpm	22691	/snort/snort_interfaces.php: The command '/usr/local/bin/snort -R 24280 -D -q --suppress-config-log -l /var/log/snort/snort_em0_vlan3524280 --pid-path /var/run --nolock-pidfile -G 24280 -c /usr/local/etc/snort/snort_24280_em0_vlan35/snort.conf -i em0_vlan35' returned exit code '1', the output was ''
Mar 26 21:21:44	snort	53892	FATAL ERROR: /usr/local/etc/snort/snort_24280_em0_vlan35/snort.conf(354) => Invalid ip_list to 'ignore_scanners' option.
Mar 26 21:21:44	php-fpm	22691	/snort/snort_interfaces.php: [Snort] Snort START for WAN(em0_vlan35)...


      
# sf Portscan #
preprocessor sfportscan: \
	scan_type { all } \
	proto  { all } \
	memcap { 10000000 } \
	sense_level { medium } \
	ignore_scanners { 17.154.0.0/16,17.168.0.0/13,17.253.52.0/23,208.65.76.0/24,68.171.224.0/20,206.53.144.0/20,199.223.232.0/21,207.233.160.0/20,208.65.152.0/22,208.117.224.0/19,209.85.128.0/17,216.58.192.0/19,216.239.32.0/19,23.63.98.0/23,23.206.16.0/20,104.69.48.0/20,104.81.112.0/20,104.81.208.0/20,104.77.224.0/19,23.59.96.0/20,23.38.0.0/20,2.18.144.0/20,72.246.51.115,68.171.224.8,149.56.14.45,192.99.38.127,137.74.168.9,192.168.0.0/24,31.13.24.0/21,31.13.64.0/18,45.64.40.0/22,66.220.144.0/20,69.63.176.0/20,69.171.224.0/19,74.119.76.0/22,103.4.96.0/22,129.134.0.0/16,157.240.0.0/16,173.252.64.0/18,179.60.192.0/22,185.60.216.0/22,204.15.20.0/22,179.60.192.0/24,74.125.69.0/24,31.13.86.0/24,54.164.0.0/15,34.192.0.0/12,52.86.0.0/15,107.20.0.0/16,52.85.64.0/22,52.208.0.0/13,52.48.0.0/14,52.18.0.0/15,54.160.0.0/14,54.224.0.0/15,54.192.216.0/22,52.94.224.0/20,52.94.216.0/21,54.174.0.0/15,23.20.0.0/15,176.32.98.0/24,54.192.156.0/22,104.40.0.0/13,65.52.0.0/14,81.161.59.0/24,67.199.248.0/24,162.217.207.0/24,104.16.224.0/20,104.16.96.0/20,151.224.0.0/13,66.133.96.0/19,108.175.32.0/20,108.175.32.0/24,108.175.33.0/24,108.175.34.0/24,108.175.35.0/24,108.175.38.0/24,108.175.39.0/24,108.175.40.0/24,108.175.41.0/24,108.175.42.0/24,108.175.43.0/24,108.175.44.0/24,108.175.46.0/24,108.175.47.0/24,185.2.220.0/22,185.2.222.0/24,185.2.223.0/24,185.9.188.0/22,192.173.64.0/18,192.173.80.0/20,192.173.96.0/20,198.38.100.0/24,198.38.101.0/24,198.38.108.0/24,198.38.109.0/24,198.38.110.0/24,198.38.111.0/24,198.38.112.0/24,198.38.113.0/24,198.38.114.0/24,198.38.115.0/24,198.38.116.0/24,198.38.117.0/24,198.38.118.0/24,198.38.119.0/24,198.38.120.0/24,198.38.121.0/24,198.38.124.0/24,198.38.125.0/24,198.38.126.0/24,198.38.127.0/24,198.38.96.0/19,198.38.96.0/24,198.38.97.0/24,198.38.98.0/24,198.38.99.0/24,198.45.48.0/20,198.45.48.0/24,198.45.49.0/24,198.45.50.0/24,198.45.54.0/24,198.45.55.0/24,198.45.56.0/24,198.45.57.0/24,198.45.61.0/24,198.45.62.0/24,198.45.63.0/24,23.246.0.0/18,23.246.12.0/24,23.246.13.0/24,23.246.14.0/24,23.246.15.0/24,23.246.16.0/24,23.246.17.0/24,23.246.2.0/24,23.246.20.0/24,23.246.21.0/24,23.246.22.0/24,23.246.23.0/24,23.246.24.0/24,23.246.25.0/24,23.246.26.0/24,23.246.27.0/24,23.246.28.0/22,23.246.28.0/24,23.246.29.0/24,23.246.3.0/24,23.246.30.0/24,23.246.31.0/24,23.246.36.0/24,23.246.37.0/24,23.246.38.0/24,23.246.39.0/24,23.246.4.0/24,23.246.42.0/24,23.246.44.0/24,23.246.45.0/24,23.246.46.0/24,23.246.47.0/24,23.246.48.0/24,23.246.49.0/24,23.246.5.0/24,23.246.50.0/24,23.246.51.0/24,23.246.52.0/24,23.246.54.0/24,23.246.55.0/24,23.246.56.0/24,23.246.57.0/24,23.246.58.0/24,23.246.59.0/24,23.246.6.0/24,23.246.7.0/24,23.246.8.0/24,23.246.9.0/24,37.77.184.0/21,37.77.186.0/24,37.77.187.0/24,37.77.188.0/24,37.77.189.0/24,37.77.190.0/24,37.77.191.0/24,45.57.0.0/17,45.57.1.0/24,45.57.10.0/24,45.57.14.0/24,45.57.15.0/24,45.57.16.0/24,45.57.17.0/24,45.57.18.0/24,45.57.19.0/24,45.57.2.0/24,45.57.22.0/24,45.57.23.0/24,45.57.3.0/24,45.57.30.0/24,45.57.31.0/24,45.57.36.0/24,45.57.37.0/24,45.57.38.0/24,45.57.39.0/24,45.57.4.0/24,45.57.42.0/24,45.57.44.0/24,45.57.45.0/24,45.57.5.0/24,45.57.6.0/24,45.57.7.0/24,64.120.128.0/17,66.197.128.0/17,173.255.112.0/20,207.223.160.0/20,209.107.176.0/20,216.73.80.0/20,23.236.48.0/20,66.102.0.0/20,162.222.176.0/21,172.102.8.0/21,172.110.32.0/21,74.114.24.0/21,8.34.208.0/21,8.34.216.0/21,8.35.192.0/21,8.35.200.0/21,162.216.148.0/22,185.150.148.0/22,192.158.28.0/22,199.192.112.0/22,208.68.108.0/22,208.81.188.0/22,216.252.220.0/22,104.132.0.0/23,104.133.2.0/23,172.102.12.0/23,\,104.154.0.0/15,104.196.0.0/14,107.167.160.0/19,107.178.192.0/18,108.170.192.0/18,108.177.0.0/17,130.211.0.0/16,142.250.0.0/15,146.148.0.0/17,172.217.0.0/16,172.253.0.0/16,173.194.0.0/16,192.178.0.0/15,23.251.128.0/19,35.184.0.0/13,64.233.160.0/19,66.249.64.0/19,70.32.128.0/19,72.14.192.0/18,74.125.0.0/16,74.125.0.0/18,108.59.80.0/20,172.102.14.0/23,185.25.28.0/23,192.104.160.0/23,209.107.176.0/23,209.107.182.0/23,70.32.146.0/23,104.132.11.0/24,104.132.141.0/24,104.132.34.0/24,104.132.5.0/24,104.132.51.0/24,104.132.7.0/24,104.132.8.0/24,104.133.0.0/24,108.177.10.0/24,108.177.11.0/24,108.177.12.0/24,108.177.13.0/24,108.177.14.0/24,108.177.15.0/24,108.177.30.0/24,108.177.8.0/24,108.177.9.0/24,108.177.96.0/24,108.177.97.0/24,108.177.98.0/24,172.102.10.0/24,172.102.11.0/24,172.102.8.0/24,172.102.9.0/24,172.217.0.0/24,172.217.16.0/24,172.217.24.0/24,172.217.28.0/24,172.217.30.0/24,173.194.112.0/24,173.194.113.0/24,173.194.117.0/24,173.194.118.0/24,173.194.119.0/24,173.194.120.0/24,173.194.121.0/24,173.194.124.0/24,173.194.132.0/24,173.194.136.0/24,173.194.140.0/24,173.194.141.0/24,173.194.142.0/24,173.194.175.0/24,173.194.192.0/24,173.194.193.0/24,173.194.194.0/24,173.194.196.0/24,173.194.197.0/24,173.194.198.0/24,173.194.199.0/24,173.194.200.0/24,173.194.201.0/24,173.194.202.0/24,173.194.203.0/24,173.194.204.0/24,173.194.205.0/24,173.194.206.0/24,173.194.207.0/24,173.194.208.0/24,173.194.209.0/24,173.194.210.0/24,173.194.211.0/24,173.194.212.0/24,173.194.213.0/24,173.194.214.0/24,173.194.215.0/24,173.194.216.0/24,173.194.217.0/24,173.194.218.0/24,173.194.219.0/24,173.194.220.0/24,173.194.221.0/24,173.194.222.0/24,173.194.223.0/24,173.194.32.0/24,173.194.34.0/24,173.194.35.0/24,173.194.36.0/24,173.194.37.0/24,173.194.38.0/24,173.194.39.0/24,173.194.40.0/24,173.194.41.0/24,173.194.42.0/24,173.194.44.0/24,173.194.46.0/24,173.194.53.0/24,173.194.63.0/24,173.194.64.0/24,173.194.66.0/24,173.194.67.0/24,173.194.68.0/24,173.194.69.0/24,173.194.7.0/24,173.194.70.0/24,173.194.73.0/24,173.194.74.0/24,173.194.76.0/24,173.194.77.0/24,173.194.78.0/24,173.194.79.0/24,209.85.144.0/24,209.85.145.0/24,209.85.147.0/24,209.85.200.0/24,209.85.201.0/24,209.85.202.0/24,209.85.203.0/24,209.85.232.0/24,209.85.233.0/24,209.85.234.0/24,209.85.235.0/24,216.239.32.0/24,216.239.33.0/24,216.239.34.0/24,216.239.35.0/24,216.239.36.0/24,216.239.38.0/24,216.239.39.0/24,216.252.220.0/24,216.252.221.0/24,216.252.222.0/24,216.58.200.0/24,216.58.208.0/24,216.58.209.0/24,216.58.210.0/24,216.58.211.0/24,216.58.212.0/24,216.58.213.0/24,216.58.214.0/24,216.58.215.0/24,216.58.216.0/24,216.58.217.0/24,216.58.218.0/24,216.58.219.0/24,216.58.220.0/24,216.58.221.0/24,216.58.222.0/24,216.58.223.0/24,64.233.160.0/24,64.233.161.0/24,64.233.162.0/24,64.233.163.0/24,64.233.164.0/24,64.233.165.0/24,64.233.166.0/24,64.233.167.0/24,64.233.168.0/24,64.233.169.0/24,64.233.171.0/24,64.233.176.0/24,64.233.177.0/24,64.233.178.0/24,64.233.179.0/24,64.233.180.0/24,64.233.181.0/24,64.233.182.0/24,64.233.183.0/24,64.233.184.0/24,64.233.185.0/24,64.233.186.0/24,64.233.187.0/24,64.233.188.0/24,64.233.189.0/24,64.233.190.0/24,64.233.191.0/24,66.102.1.0/24,66.102.12.0/24,66.102.2.0/24,66.102.3.0/24,66.102.4.0/24,70.32.131.0/24,70.32.145.0/24,70.32.151.0/24,74.125.126.0/24,74.125.127.0/24,74.125.128.0/24,74.125.129.0/24,74.125.130.0/24,74.125.131.0/24,74.125.132.0/24,74.125.133.0/24,74.125.134.0/24,74.125.135.0/24,74.125.138.0/24,74.125.139.0/24,74.125.140.0/24,74.125.141.0/24,74.125.142.0/24,74.125.143.0/24,74.125.192.0/24,74.125.193.0/24,74.125.195.0/24,74.125.196.0/24[b],\,[/b]74.125.198.0/24,74.125.199.0/24,74.125.200.0/24,74.125.201.0/24,74.125.202.0/24,74.125.203.0/24,74.125.204.0/24,74.125.205.0/24,74.125.206.0/24,74.125.21.0/24,74.125.22.0/24,74.125.225.0/24,74.125.226.0/24,74.125.227.0/24,74.125.228.0/24,74.125.23.0/24,74.125.230.0/24,74.125.232.0/24,74.125.234.0/24,74.125.235.0/24,74.125.236.0/24,74.125.238.0/24,74.125.26.0/24,74.125.27.0/24,74.125.28.0/24,74.125.29.0/24,74.125.30.0/24,74.125.31.0/24,74.125.39.0/24,74.125.6.0/24,74.125.68.0/24,74.125.70.0/24,74.125.71.0/24 }
      1 Reply Last reply Reply Quote 0
      • P
        padpn
        last edited by

        Consider to manual you should use it in such way

        ignore_scanned { Snort IP List }

        Snort IP List you can create by this guide
        https://doc.pfsense.org/index.php/Snort_ip_list_mgmt

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.