Suricata blocks torrent traffic
-
Hi,
Suricata goes mad and blocks my torrent traffic though p2p rule is not enabled.
I have just these rules enabled:
emerging-attack_response.rules
emerging-botcc.portgrouped.rules
emerging-botcc.rules
emerging-ciarmy.rules
emerging-compromised.rules
emerging-current_events.rules
emerging-dos.rules
emerging-dshield.rules
emerging-exploit.rules
emerging-malware.rules
emerging-mobile_malware.rules
emerging-rbn-malvertisers.rules
emerging-trojan.rules
emerging-worm.rulesThere are a lot of alerts with description:
SURICATA STREAM Packet with invalid timestamp
SURICATA STREAM excessive retransmissions
How to fix it ?
What are recommended rule sets to not disturb p2p traffic and have safe LAN ?
regards
-
Hi,
Suricata goes mad and blocks my torrent traffic though p2p rule is not enabled.
I have just these rules enabled:
emerging-attack_response.rules
emerging-botcc.portgrouped.rules
emerging-botcc.rules
emerging-ciarmy.rules
emerging-compromised.rules
emerging-current_events.rules
emerging-dos.rules
emerging-dshield.rules
emerging-exploit.rules
emerging-malware.rules
emerging-mobile_malware.rules
emerging-rbn-malvertisers.rules
emerging-trojan.rules
emerging-worm.rulesThere are a lot of alerts with description:
SURICATA STREAM Packet with invalid timestamp
SURICATA STREAM excessive retransmissions
How to fix it ?
What are recommended rule sets to not disturb p2p traffic and have safe LAN ?
regards
Go to the SYSTEM > ADVANCED menu in pfSense and then to the Networking tab. Check the three checkboxes to Disable Hardware Checksum Offload, Disable Hardware TCP Segmentation Offloading and Disable Hardware Large Receive Offloading.
If that does not stop the problem, then just disable those rules by clicking the red X beside the alert in the GID:SID column on the ALERTS tab.
Bill
-
thanks. it helped with torrents :)
