SNORT - 2.9.1 pkg v. 2.0.2 - Specific Threat Issue

taryezveb

@Cino:

the advance will add it to your /usr/local/etc/snort/snort_xxxxx_xxx/snort.conf

@Ulich05:

adding:
portvar FILE_DATA_PORTS [$HTTP_PORTS,110,143]
to the advanced config section does solve the problem

Thanks, this worked for me also :)

C7J0yC3

Gents,

Having an issue with the listed fix. When I add portvar FILE_DATA_PORTS [$HTTP_PORTS,110,143] to /usr/local/etc/snort/snort_51441_em0/snort.conf. When I save the file, and then immediately reopen it the new line is there. When I start snort I get the same error in the logs, and when I look at the conf again, the line is removed. I have uninstalled and re installed snort, but I get the same issue. Any ideas?

marcelloc

You have to put this config on gui, not in conf file.

adding:
portvar FILE_DATA_PORTS [$HTTP_PORTS,110,143]
to the advanced config section does solve the problem

C7J0yC3

@marcelloc:

You have to put this config on gui, not in conf file.

adding:
portvar FILE_DATA_PORTS [$HTTP_PORTS,110,143]
to the advanced config section does solve the problem

Guess I'm just derpin. That worked perfectly, thanks!

barisnet

What is the problem?
snort[48943]: FATAL ERROR: /usr/local/etc/snort/snort_2***_re0/snort.conf(145) ) => Invalid keyword 'compress_depth' for 'global' configuration.

Gradius

Well, I just installed snort for 1st time and found Barnyard2 wasn't installed!

Services: Snort 2.9.1 pkg v. 2.0.2

Help!

Cino

search will be your greatest friend

http://forum.pfsense.org/index.php/topic,42016.0.html

pkg_add -r http://files.pfsense.com/packages/8/All/barnyard2

Gradius

@Cino:

search will be your greatest friend

http://forum.pfsense.org/index.php/topic,42016.0.html

pkg_add -r http://files.pfsense.com/packages/8/All/barnyard2.tbz

LOL thanks!

Download link is dead, but got it from another place.

Cino

@Gradius:

@Cino:

search will be your greatest friend

http://forum.pfsense.org/index.php/topic,42016.0.html

pkg_add -r http://files.pfsense.com/packages/8/All/barnyard2.tbz

LOL thanks!

Download link is dead, but got it from another place.

I corrected the link

th3r3isnospoon

New issue seems to have come up.

The fix above works….however, I no longer receive any alerts in the Alerts tab (yes alerts are enabled) and I'm not sure it's blocking offenders.

If I use GRC.com's ShieldsUp! yes, it will detect that and block it.

Now, FWIW, I recently installed and configured pfBlocker and am having it block a few countries that used to show up in my logs a lot.  Perhaps that's why I am seeing a lot less offenders being blocked?  I suppose that makes sense.  But, the fact that I no longer see Alerts is odd.

Just curious of anyone who implemented the above fix noticed this?

Thanks!

-th3r3isnospoon