SNORT, OpenAppID and weird Block reason: Gateway GEO-IP Filter Alert
Hello Everyone!
I've been reading this forum for a long time and usually found answers to my issues.
But now I've encountered something that I can't resolve.
I installed and configured SNORT.
I also decided to try the OpenAppID rules, which all installed except the Snort OpenAppID RULES Detectors.
That MD5 error kept bugging me for a long time, so I decided to install them semi-manually.
I amended the original update script to forgo the MD5 check.
From what I can tell the RULES Detectors installed.
But right after that I get the Block reason: Gateway GEO-IP Filter Alert in the SNORT update window.
Window message:
----------------------------------------------------------------------------------
This site has been blocked by the network administrator.
Block reason: Gateway GEO-IP Filter Alert
IP address: 2XX.XXX.XXX.XXX
Connection initiated from country: XXXXXXXXXXXXXXXXXX
I do NOT have any COUNTRY blocks, just some pfBlockerNG lists.
I am thinking that one of the OpenAppID RULES Detectors I downloaded/updated is causing this window.
Is there any way to trace the rule that creates this window?
Thank you in advance.
DBcom