SNORT - 2.9.1 pkg v. 2.0.2 - Specific Threat Issue
-
@ermal:
I will see if i can bump the snort port to include the fixes.
Awesome! Thanks ermal!
-th3r3isnospoon
-
adding:
portvar FILE_DATA_PORTS [$HTTP_PORTS,110,143]
to the advanced config section does solve the problem -
the advance will add it to your /usr/local/etc/snort/snort_xxxxx_xxx/snort.conf
adding:
portvar FILE_DATA_PORTS [$HTTP_PORTS,110,143]
to the advanced config section does solve the problemGood call guys. I just tried this and voila it worked! Strange because I did add it manually to snort.conf and it was a no go.
Fixed.
Thanks guys!
-th3r3isnospoon
-
will there be a fix where you dont have to edit the .conf ? …i DID have all my 'servers' defined in the ....uhhh 'define servers' ....the bam...snort hit a bad rail and bummed itself stupid.
i dont mind editing the .conf ...but it would be nice for a person who doesnt really know what they are doing and just work...right? just imo :-X
-
will there be a fix where you dont have to edit the .conf ?
It's on ermal todo list…
@ermal:
I will see if i can bump the snort port to include the fixes.
-
-
Gents,
Having an issue with the listed fix. When I add portvar FILE_DATA_PORTS [$HTTP_PORTS,110,143] to /usr/local/etc/snort/snort_51441_em0/snort.conf. When I save the file, and then immediately reopen it the new line is there. When I start snort I get the same error in the logs, and when I look at the conf again, the line is removed. I have uninstalled and re installed snort, but I get the same issue. Any ideas?
-
You have to put this config on gui, not in conf file.
adding:
portvar FILE_DATA_PORTS [$HTTP_PORTS,110,143]
to the advanced config section does solve the problem -
You have to put this config on gui, not in conf file.
adding:
portvar FILE_DATA_PORTS [$HTTP_PORTS,110,143]
to the advanced config section does solve the problemGuess I'm just derpin. That worked perfectly, thanks!
-
What is the problem?
snort[48943]: FATAL ERROR: /usr/local/etc/snort/snort_2***_re0/snort.conf(145) ) => Invalid keyword 'compress_depth' for 'global' configuration. -
Well, I just installed snort for 1st time and found Barnyard2 wasn't installed!
Services: Snort 2.9.1 pkg v. 2.0.2
Help!
-
search will be your greatest friend
http://forum.pfsense.org/index.php/topic,42016.0.html
pkg_add -r http://files.pfsense.com/packages/8/All/barnyard2
-
search will be your greatest friend
http://forum.pfsense.org/index.php/topic,42016.0.html
pkg_add -r http://files.pfsense.com/packages/8/All/barnyard2.tbz
LOL thanks!
Download link is dead, but got it from another place.
-
-
New issue seems to have come up.
The fix above works….however, I no longer receive any alerts in the Alerts tab (yes alerts are enabled) and I'm not sure it's blocking offenders.
If I use GRC.com's ShieldsUp! yes, it will detect that and block it.
Now, FWIW, I recently installed and configured pfBlocker and am having it block a few countries that used to show up in my logs a lot. Perhaps that's why I am seeing a lot less offenders being blocked? I suppose that makes sense. But, the fact that I no longer see Alerts is odd.
Just curious of anyone who implemented the above fix noticed this?
Thanks!
-th3r3isnospoon
