Snort blocking remote staff when checking email with Outlook
-
Then how have you told it to suppress the rule? Where did you enter suppress gen_id 137, sig_id 1?
-
Under the "suppress" Tab
I also just tried under adv config. Still not working.
-
What version of pfSense and the Snort package are you running?
-
PF 2.0 release
Snort 2.9.0.5 pkg v. 2.0 -
Checking what is added to the snort config, it looks like the suppress tab doesn't work. Only items added to the Advanced tab are added to the config file from what I can see.
-
Thanks for the reply and testing Cry Havok
OP and other users that posted to the thread.
Can you post your versions of Snort and PF?
Also note where you have the suppress line added.If this is a bug, it will help with trouble shooting.
-
@Cry:
Checking what is added to the snort config, it looks like the suppress tab doesn't work. Only items added to the Advanced tab are added to the config file from what I can see.
Did you also set the suppression rule list you created to the interface (If Settings->Suppression and Filtering)? If the interface is still set to default then it will not suppress any alerts.
-
Did you also set the suppression rule list you created to the interface (If Settings->Suppression and Filtering)? If the interface is still set to default then it will not suppress any alerts.
No - didn't know that those extra steps were required.
-
When deleting the line from Adv config, the system enter this in the gui field and reverted my config.
²êië,éâw]û²("w
Yes, that is correct, it was just a bunch of garbage.
To be sure, i tried different browsers (FF,Chrome) -
after adding the suppress to the interface snort stop blocking my OMA or OWA
thanks for the tip
:)
