Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Is OpenAppID dead?

    Scheduled Pinned Locked Moved IDS/IPS
    5 Posts 3 Posters 785 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      stauraum
      last edited by

      Today i've setup snort on a pfSense-Box for Application blocking. I've seen that the file which downloaded during setup ist last updated in late 2017.

      Will the file still be maintained?

      Kind regards

      54e529e0-c0cf-45d7-817e-e933857e6d68-image.png

      NogBadTheBadN 1 Reply Last reply Reply Quote 0
      • NogBadTheBadN
        NogBadTheBad @stauraum
        last edited by NogBadTheBad

        @stauraum Not exactly sure where you are looking but I have .lua files dated 5th November:-

        [2.4.5-RELEASE][admin@pfsense]/root: find / -name client_5by5_Radio.lua -print
/usr/local/etc/snort/appid/odp/lua/client_5by5_Radio.lua
[2.4.5-RELEASE][admin@pfsense]/root: ls -alg /usr/local/etc/snort/appid/odp/lua/client_5by5_Radio.lua
-rw-r--r--  1 root  wheel  2185 Nov  5 21:42 /usr/local/etc/snort/appid/odp/lua/client_5by5_Radio.lua
[2.4.5-RELEASE][admin@pfsense]/root:

        Ah you're looking at https://files.pfsense.org/openappid/appid_rules.tar.gz I think it pulls some files off the snort web site and the appid_rules.

        @bmeeks would be the guy in the know.

        Andy

        1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

        1 Reply Last reply Reply Quote 1
        • bmeeksB
          bmeeks
          last edited by bmeeks

          The file was created by a set of volunteers at a University in Brazil. They maintained it for a time, but then stopped. The physical file is hosted by Netgate because the University where it was created used GeoIP blocking that was preventing users from some areas of the world from downloading the file. So Netgate agreed to grab it and host a copy on their servers.

          However, it does appear the maintainers stopped updating the file quite some time ago. It is currently not updated so far as I know.

          1 Reply Last reply Reply Quote 1
          • S
            stauraum
            last edited by

            @nogamer @bmeeks Ok, I've found my services in "odp/appMapping.data" which was updated in november 2020. So i can create custom rules to block these services in my network.

            I hope so that this file is updated in the future.

            bmeeksB 1 Reply Last reply Reply Quote 0
            • bmeeksB
              bmeeks @stauraum
              last edited by

              @stauraum said in Is OpenAppID dead?:

              @nogamer @bmeeks Ok, I've found my services in "odp/appMapping.data" which was updated in november 2020. So i can create custom rules to block these services in my network.

              I hope so that this file is updated in the future.

              I think there is some interest in updating the file from another party, but I can't say who for now. Perhaps they will choose to takeover maintaining the OpenAppID text rules going forward.

              In the meantime, you can certainly create your own custom OpenAppID rules to supplement those available in the standard archive. You found the proper location for identifying application names (in /usr/local/etc/snort/appid/odp/appMapping.data).

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.