SNORT - 2.9.1 pkg v. 2.0 - (http_inspect) - SID - 120:3:1
-
http://forum.pfsense.org/index.php/topic,41533.msg220890.html#msg220890
Thanks for the link.
I actually saw that thread and read through it. I was just able to get the -1 to work. However, I would like this to be at 0. I had it at 0 on the last version of the SNORT package and I never had this error before. Just curious why this happened after the upgrade. Was this not fully working before?
Thanks,
-th3r3isnospoon
-
its not an error but an alert
-
Did you try this? suppress gen_id 120, sig_id 3
Make sure you add your suppression list to the snort interface settings. Change it from default to the list that has that rule. Works fine for me, I have http_inspect set to 300
-
its not an error but an alert
Yes, that is true. However, about 80% of websites generate this alert.
Did you try this? suppress gen_id 120, sig_id 3
Make sure you add your suppression list to the snort interface settings. Change it from default to the list that has that rule. Works fine for me, I have http_inspect set to 300
Hrmm… I just disabled HTTP inspect. I then restarted the SNORT service and all is well. I will try this and report back.
At this point I am just wondering why exactly this is being triggered on almost every website I visit.
Thanks,
-th3r3isnospoon
-
its not an error but an alert
Yes, that is true. However, about 80% of websites generate this alert.
Did you try this? suppress gen_id 120, sig_id 3
Make sure you add your suppression list to the snort interface settings. Change it from default to the list that has that rule. Works fine for me, I have http_inspect set to 300
I have the same problem and it is a big problem with web surfing blocks everything
Hrmm… I just disabled HTTP inspect. I then restarted the SNORT service and all is well. I will try this and report back.
At this point I am just wondering why exactly this is being triggered on almost every website I visit.
Thanks,
-th3r3isnospoon
-
I've created a video:
http://www.youtube.com/watch?v=uQ7OrxtiAes -
I've created a video:
http://www.youtube.com/watch?v=uQ7OrxtiAesNice job. Its kind of difficult to put into words that the interface must have the suppression list added to it and that simply creating the suppression list is not enough.
-
Thanks – Can we get a SOLVED tag put in the Subject?
-
-
I've created a video:
http://www.youtube.com/watch?v=uQ7OrxtiAesThank You so Far so good !!!!! ^_^
-
I've created a video:
http://www.youtube.com/watch?v=uQ7OrxtiAesWell done - little good documentation exists for pfSense. Your video explains one small but vital aspect of pfsense/snort.
Yak