How do i suppress this rule
-
I am getting the following SNORT startup message in system.log:
Nov 12 16:29:45 www snort[1955]: +–---------------------[suppression]–----------------------------------------
Nov 12 16:29:45 www snort[1955]: +–---------------------[suppression]–----------------------------------------
Nov 12 16:29:45 www snort[1955]: | none
Nov 12 16:29:45 www snort[1955]: | none
Nov 12 16:29:45 www snort[1955]: –-----------------------------------------------------------------------------
Nov 12 16:29:45 www snort[1955]: –-----------------------------------------------------------------------------It seems that my suppression rule isn't being activated somehow…...
-
after you created the list, did you select that list under the interface config page?
-
No I did not, and that seemed to be the problem. Didn't know I had to do that… thanks girlfriend!
@Cino:after you created the list, did you select that list under the interface config page?
-
after you created the list, did you select that list under the interface config page?
Where is this page located i can't seem to find it .With problem i can't search the internet at all i keep getting the rule blocked .
-
Uncheck Block offenders until you fix the suppress rule and still have internet access.
It is under Snort: Interface Edit: (If settings) Suppression and filtering
-
Uncheck Block offenders until you fix the suppress rule and still have internet access.
It is under Snort: Interface Edit: (If settings) Suppression and filtering
I just have snort turned off .Tried to suppress rule and nothing works
-
Did you remove your WAN IP from the Blocked list?
-
-
In the "for what it's worth category" this message, and my need to suppress it (amd64 V2.0), disappeared with an uninstall of SNORT and reinstall with the updated 2.9.1 package.
Previous to that, everything was being blocked and the event log was being flooded with HTTP_INSPECT events.
-
2011-11-12 00:05:24 Daemon.Notice x.x.x.x snort[33078]: | gen-id=120 sig-id=3 type=Suppress tracking=none filtered=109I still get them :-[
-
