Snort stop blocking even alerts is shown !!?
-
Hi again
Snort was working good but today it stops blocking IPs even it show it on the alert tab . I already checked the "Checking this option will automatically block hosts that generate a snort alert." and it didn't help. I reinstall it and also didn't help. i remove the package and install it again . Same problem . Now what is that ?? -
Any ideas ???
The interesting thing is it is already show the alert but didnot block it … -
Hi
I have the same Issue, but dont know why the IPS isnt working.
It would be a nice feature to select different rules for each Instance of snort running on different Interfaces. -
Come on ! . there is should be a solution if you want pfSense to compete others
beside i will not solve my problems every time alone // -
There must be something in your configuration causing this anomaly, as I just installed Snort on a test system, scanned it remotely, and lost all access.
From a machine on the LAN side of the test system, I confirmed that it generated an alert and was on the block list, and upon returning to the other system I still could not get access.
Only after manually removing the block entry was I able to regain remote access to that system.
It seems to work exactly as expected for me.
-
I have been edit my snort.sh file as shown in the forums a while back open and edit yours to match the example if you need more help past your snort.sh file