Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    SNORT not blocking any alerts other than (http_inspect) alerts

    Scheduled Pinned Locked Moved pfSense Packages
    3 Posts 2 Posters 1.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      MrsPotter
      last edited by

      Anyone had this issue before?

      Blocking is enabled, all preprocessors are selected and most emerging rules (freshly updated) are checked. Many alerts are generated, but snort only blocks (http_inspect) alerts. All else seems to be running fine.

      I can't see any obvious stupidities on my side - any comments are welcome?

      I'm using 2.01.

      1 Reply Last reply Reply Quote 0
      • marcellocM
        marcelloc
        last edited by

        Aren't these non blocking alerts from white-listed ips?

        Treinamentos de Elite: http://sys-squad.com

        Help a community developer! ;D

        1 Reply Last reply Reply Quote 0
        • M
          MrsPotter
          last edited by

          I have none whitelisted. I tested it by enabling all emerging rules, thus all sorts of alerts pop up. However, only the (http_inspect) alerts are blocked.

          Blocking is enabled, along with all the preprocessors. Snort is running - I tried reinstalling, manually updating rules, rebooting. Also, checked the system logs -all seem well. But no other alerts are blocked.

          I'm stumped. What am I doing wrong?

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.