4. SNORT, OpenAppID and weird Block reason: Gateway GEO-IP Filter Alert¨

SNORT, OpenAppID and weird Block reason: Gateway GEO-IP Filter Alert¨

  • D

    Hello Everyone!
    I"ve been reading this forum for a long time and usually found answers to my issues.
    But now I've  encountered something that I cant resolve.

    I installed and configured SNORT.
    I also decided to try the OpenAppID rules, which all installed except the Snort OpenAppID RULES Detectors.
    That MD5 error kept bugging me for a long time, so I decided to install them semi-manually.
    I amended the original update script to forgo the MD5 check.
    From what i can tell the RULES Detectors installed.
    But right after that i get the Block reason: Gateway GEO-IP Filter Alert in the SNORT update window.

    window message:
    –---------------------------------------------------------------------------------
    This site has been blocked by the network administrator.
    Block reason: Gateway GEO-IP Filter Alert

    IP address: 2XX.XXX.XXX.XXX

    Connection initiated from country: XXXXXXXXXXXXXXXXXX

    I do NOT have any COUNTRY blocks, just some pfBlockerNG lists.

    I am thinking that one of the OpenAppID RULES Detectors I downloaded/updated is causing  this window.
    Is there any way to trace the rule that creates this windows?

    Thank you in advance.

    DBcom

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy