SNORT BLOCKING EVERYTHING



  • Well I am not sure what the heck to do. I have about a dozen pfSense boxes running and I have a problem with snort on everybox.

    System Specs:

    pfSense 1.2RC2
    Dell Power Edge 1750 Rackmount
    Xeon Quad Core 3.06 GHz
    4 Gig of RAM
    3 Gig NIC's Broadcom

    Snort does a very good job blocking, but thats the problem, its doing to good of a job. It will block anything and everything. This is a problem trying to recieve e-mail or access websites that are other venders and know agencies. It will even block venders trying to transfer files or even IP's of people trying to visit our site.

    I am using all default install settings excpet the check box that blocks offenders automatically when an alert is generated. I have reinstalled and removed the package constantly. This is a real pain.

    Right now I have things set to not block offenders when an alert is generated, but from my understanding that is defeating the purpose of snort.

    Any help would be great.


Log in to reply