Snort Blocking Google Ad Services
-
I am having an issue with snort blocking google ad services and I cannot seem to find a resolve to this issue. Has anyone had any success to allow google ad services to not be blocked via SNORT?
-
Have you read any of the Snort package documentation here: https://docs.netgate.com/pfsense/en/latest/packages/snort/setup.html?
There is also the official Snort documentation for "rule thresholds" here: http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node35.html.
In the Snort package on pfSense, rule thresholds are managed via Suppress Lists. Sounds like you need to examine your ALERTS tab entries and determine which specific rule is blocking. Once you do that, you can either disable that rule entirely, or you can choose to suppress it for certain hosts.
If you are a new IDS security admin, then I always STRONGLY recommend that you run Snort or Suricata for several weeks with blocking disabled. During that time look frequently at the ALERTS tab for all IDS interfaces and carefully examine what is being detected and alerted on. Investigate the alerts to determine if they are a false positive. If they are, then you need to take some type of action. Either disable the triggering rule, or suppress it (or "threshold it" to use the Snort manual's term) to control the alerting.
