Snort blocking all torrents

  • Recently installed Snort configured to not block any traffic (alerts only) and loaded the ET rules. Wanted to get an idea of what problems I would have with false positives. After a day or so I realized that snort actually was blocking torrent traffic. The only way I could find to pass the traffic was to uninstall the snort package. I’m sure this whole issue is probably due to ignorance on my part, so I’m looking for advice on how to install and test the package without any major disruptions to my network. Or maybe snort isn’t a good fit with torrents? Should I try some other package?

  • Galactic Empire Netgate

    It cannot block torrents unless "Block offenders" is checked. Make sure it's not checked.

  • It wasn’t checked. I verified it several times. After uninstalling the package the traffic is passing normally though, so it would seem that snort was responsible for blocking it. I was thinking that I must have misconfigured some other snort setting that caused this?

  • I know it’s an old topic, but I have the exact same problem and it’s nowhere else on the forum. Torrents work fine with Snort disabled, but with Snort enabled and starting a torrent it will kill off my VPN client connection within a minute. I tried adding the VPN address to Snort’s pass list but no changes. Anyone with a suggestion?