SNORT, OpenAppID and weird Block reason: Gateway GEO-IP Filter Alert¨



  • Hello Everyone!
    I"ve been reading this forum for a long time and usually found answers to my issues.
    But now I've  encountered something that I cant resolve.

    I installed and configured SNORT.
    I also decided to try the OpenAppID rules, which all installed except the Snort OpenAppID RULES Detectors.
    That MD5 error kept bugging me for a long time, so I decided to install them semi-manually.
    I amended the original update script to forgo the MD5 check.
    From what i can tell the RULES Detectors installed.
    But right after that i get the Block reason: Gateway GEO-IP Filter Alert in the SNORT update window.

    window message:
    –---------------------------------------------------------------------------------
    This site has been blocked by the network administrator.
    Block reason: Gateway GEO-IP Filter Alert

    IP address: 2XX.XXX.XXX.XXX

    Connection initiated from country: XXXXXXXXXXXXXXXXXX

    I do NOT have any COUNTRY blocks, just some pfBlockerNG lists.

    I am thinking that one of the OpenAppID RULES Detectors I downloaded/updated is causing  this window.
    Is there any way to trace the rule that creates this windows?

    Thank you in advance.

    DBcom