Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    SNORT Dynamic WAN IP

    IDS/IPS
    2
    3
    337
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      saduccm last edited by

      Hi,

      i have just installed SNORT and configured as best as i can. It also run well for about 1 day, after that i recognized snort i blocking all traffic.
      After some researches it seems i got a new WAN IP from my provider and snort didnt recognize that new IP, so it blocked it.

      In Snort config i have checked all settings for allowing WAN IPs.

      I have also checked in System-Log if packages are reloaded, i also saw an entry there from Snort.

      Is there something i a missing or is there another way to restart snort on WAN IP Change?

      1 Reply Last reply Reply Quote 0
      • S
        saduccm last edited by

        Solved, there were some False Positive Alerts which leaded to that Problem.

        1 Reply Last reply Reply Quote 0
        • G
          gryest last edited by

          Hi, I found I have the same problem. I wasn't sure but today internet suddenly stopped when I was online and I found PPPoE is down because WAN IP changed. What happened is: Snort detected new IP connected to website IP I was browsing 5 minutes ago as "port sweep"  and effectively blocked my new WAN IP together with all internet taking down VoiP and Internet radio tuner.

          I like to know how to mitigate such problem correctly because next time it can be other false positive or rule trigger same outage.
          Is any rule can be added to whitelist WAN IP as alias?
          Thanks

          1 Reply Last reply Reply Quote 0
          • First post
            Last post

          Products

          • Platform Overview
          • TNSR
          • pfSense Plus
          • Appliances

          Services

          • Training
          • Professional Services

          Support

          • Subscription Plans
          • Contact Support
          • Product Lifecycle
          • Documentation

          News

          • Media Coverage
          • Press
          • Events

          Resources

          • Blog
          • FAQ
          • Find a Partner
          • Resource Library
          • Security Information

          Company

          • About Us
          • Careers
          • Partners
          • Contact Us
          • Legal
          Our Mission

          We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

          Subscribe to our Newsletter

          Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

          © 2021 Rubicon Communications, LLC | Privacy Policy