Netgate Discussion Forum
    Any way to have snort automatically allow traffic from Private Internet Access ?

    IDS/IPS
    3 Posts 3 Posters 1.1k Views
    • psulions5

      I would say once a day, snort automatically blocks PIA with the UDP traffic rule 123:8 (spp_frag3) Fragmentation overlap. I keep having to allow an IP address so the VPN traffic starts back up. My fear is that they have an unending IP range, and I will have to do this all the time.

      So my question is - Is there a way to allow traffic from "choopa" (DNS lookup comes back with that) so I don't continually have to unblock IPs from my VPN?  I guess disabling that rule would work, but is that wise?

      Thanks.

      • pfBasic

        I haven't used snort but what you basically want to do is either disable the rule causing the false positive, or allow traffic on port 1194 (OpenVPN port).

        • bmeeks

          You will have to disable the rule if you can't pin down the IP range.  There is no capability for dynamic DNS lookup with either Snort or Suricata.  So you can't use a DNS name in a passlist alias.  This is due to the enormous overhead DNS lookups would add to packet processing.  The thread would hang waiting for the DNS lookup to complete.

          Bill

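Since a pass list cannot hold a DNS name, a narrower alternative to disabling rule 123:8 outright is to suppress that one GID/SID only for the addresses the VPN endpoint currently resolves to. The script below is an added example, not code from the thread or the pfSense Snort package: it resolves hostnames you supply (the hostname shown is a placeholder, not a real PIA server), collapses the addresses into the smallest covering CIDR blocks, and prints suppress entries for the Suppress tab. It is a snapshot, so it has to be re-run when the endpoint's addresses change.

```python
import ipaddress
import socket
from typing import Callable, Iterable, List, Tuple

# Placeholder hostname (assumption); replace with the VPN endpoint you actually connect to.
VPN_HOSTS = ["vpn-endpoint.example.invalid"]
# GID/SID from the alert in the thread: 123:8 = spp_frag3 fragmentation overlap.
FRAG3_GID, FRAG3_OVERLAP_SID = 123, 8


def resolve_ipv4(host: str) -> List[str]:
    """Return the IPv4 addresses a hostname currently resolves to (live DNS lookup)."""
    infos = socket.getaddrinfo(host, None, socket.AF_INET)
    return sorted({info[4][0] for info in infos})


def collapse(addresses: Iterable[str]) -> List[ipaddress.IPv4Network]:
    """Merge single addresses into the fewest CIDR blocks that cover exactly them."""
    hosts = [ipaddress.ip_network(a) for a in set(addresses)]  # each becomes a /32
    return list(ipaddress.collapse_addresses(hosts))


def build_suppress_list(
    hosts: Iterable[str],
    resolver: Callable[[str], List[str]] = resolve_ipv4,
    gid: int = FRAG3_GID,
    sid: int = FRAG3_OVERLAP_SID,
) -> Tuple[List[ipaddress.IPv4Network], List[str]]:
    """Resolve every host and emit Snort 'suppress' lines scoped to those networks.

    Suppressing by both source and destination keeps the rule active for all other
    traffic; only fragments to or from the VPN peer are ignored.
    """
    nets = collapse(a for h in hosts for a in resolver(h))
    lines = [
        f"suppress gen_id {gid}, sig_id {sid}, track {track}, ip {net.with_prefixlen}"
        for net in nets
        for track in ("by_src", "by_dst")
    ]
    return nets, lines


if __name__ == "__main__":
    _, suppress_lines = build_suppress_list(VPN_HOSTS)
    print("\n".join(suppress_lines))
```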