4. SNORT Dynamic WAN IP

SNORT Dynamic WAN IP

  • S

    Hi,

    i have just installed SNORT and configured as best as i can. It also run well for about 1 day, after that i recognized snort i blocking all traffic.
    After some researches it seems i got a new WAN IP from my provider and snort didnt recognize that new IP, so it blocked it.

    In Snort config i have checked all settings for allowing WAN IPs.

    I have also checked in System-Log if packages are reloaded, i also saw an entry there from Snort.

    Is there something i a missing or is there another way to restart snort on WAN IP Change?

    0
  • S

    Solved, there were some False Positive Alerts which leaded to that Problem.

    0
  • G

    Hi, I found I have the same problem. I wasn't sure but today internet suddenly stopped when I was online and I found PPPoE is down because WAN IP changed. What happened is: Snort detected new IP connected to website IP I was browsing 5 minutes ago as "port sweep"  and effectively blocked my new WAN IP together with all internet taking down VoiP and Internet radio tuner.

    I like to know how to mitigate such problem correctly because next time it can be other false positive or rule trigger same outage.
    Is any rule can be added to whitelist WAN IP as alias?
    Thanks

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy