Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Any way to have snort automatically allow traffic from Private Internet Access ?

    IDS/IPS
    3
    3
    841
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      psulions5 last edited by

      I would say once a day, snort automatically blocks PIA with the UDP traffic rule 123:8 (spp_frag3) Fragmentation overlap. I keep having to allow an IP address so the VPN traffic starts back up. My fear is that they have an unending IP range, and I will have to do this all the time.

      So my question is - Is there a way to allow traffic from "choopa" (DNS lookup comes back with that) so I don't continually have to unblock IPs from my VPN?  I guess disabling that rule would work, but is that wise?

      Thanks.

      1 Reply Last reply Reply Quote 0
      • P
        pfBasic Banned last edited by

        I haven't used snort but what you basically want to do is either disable the role causing the false positive, or allow traffic on port 1194 (OpenVPN​port).

        1 Reply Last reply Reply Quote 0
        • bmeeks
          bmeeks last edited by

          You will have to disable the rule if you can't pin down the IP range.  There is no capability for dynamic DNS lookup with either Snort or Suricata.  So you can't use a DNS name in a passlist alias.  This is due to the enormous overhead DNS lookups would add to packet processing.  The thread would hang waiting for the DNS lookup to complete.

          Bill

          1 Reply Last reply Reply Quote 0
          • First post
            Last post

          Products

          • Platform Overview
          • TNSR
          • pfSense
          • Appliances

          Services

          • Training
          • Professional Services

          Support

          • Subscription Plans
          • Contact Support
          • Product Lifecycle
          • Documentation

          News

          • Media Coverage
          • Press
          • Events

          Resources

          • Blog
          • FAQ
          • Find a Partner
          • Resource Library
          • Security Information

          Company

          • About Us
          • Careers
          • Partners
          • Contact Us
          • Legal
          Our Mission

          We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

          Subscribe to our Newsletter

          Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

          © 2021 Rubicon Communications, LLC | Privacy Policy