Problem SNORT 2.9.1 pkg v. 2.1

taryezveb

@ermal:

Where is the beer? ;D

I sent funds to pfSense and made it clear to donate a portion to a few packages, including Snort of course. I will donate again when I can.

Thanks

mdima

Hi,
I agree… I was deciding my company to support pfSense (then adding extra support hours because I needed a quick help), I have seen the time and effort that all the people involved in the project spend, and the quality as professionality and skills, and I think that all this can't be "just for free"...

Now that I switched to pfSense and I know it a little better, I can assert that it's my company's best interest to make this project sustainable for the people working in it, and I will push my company to renew the subscription when it will expire (even if it's not a good year, as I guess for many people).

Thanks to all,
Michele

dhatz

Please note that snort v2.9.0.5 End-of-Life day is a few weeks away:

You will now see that the EOL date for Snort version 2.9.0.5 is set for 2012-03-13, that's March 13, 2012.
http://blog.snort.org/2011/12/snort-2905-eol-date-has-been-posted.html

PS: On my system snort –version suggests it is version 2.9.0.5, but the package is labeled 2.9.1

Cino

looks like the binaries have to be updated to either Snort 2.9.1.2 or Snort 2.9.2. There is a Snort 2.9.2 binary on files.pfsense.org but its not compiled to use the alert_pf function from some testing I just did. I have a feeling this binary was going for the snort-dev package which isn't published anymore.

eri--

PS: On my system snort –version suggests it is version 2.9.0.5, but the package is labeled 2.9.1

Yeah but 2.9.0.5 seems to live longer than the 2.9.1 version.

I will get to 2.9.2.x asap.

toomeek

Hi guys, let's have some fun with this.
SNORT is kicking me out everytime I click "save" on my Worpress site over SSL remotely :)
Any ideas?

snort1.png_thumb

snort2.png_thumb

Cino

easy one, create a suppress list. do a search and you'll find many examples on how to set one up.

ccb056

this might work:


#(ssp_ssl) Invalid Client HELLO after Server HELLO Detected
suppress gen_id 137, sig_id 1

Gradius

@ermal:

PS: On my system snort –version suggests it is version 2.9.0.5, but the package is labeled 2.9.1

Yeah but 2.9.0.5 seems to live longer than the 2.9.1 version.

I will get to 2.9.2.x asap.

Last version is 2.9.2.1:
http://www.snort.org/snort-downloads

This means we will see that soon on pfsense as new package?

Gradius

What's the change on pkg v. 2.1.1 ?!

toomeek

Forgot to update:

#(ssp_ssl) Invalid Client HELLO after Server HELLO Detected
suppress gen_id 137, sig_id 1

Of course it worked like a charm. No more kicks.