Netgate Discussion Forum

Snort: With or Without Auto Blocking?

  • N
    naughtyusmaximus
    last edited by Aug 12, 2009, 3:19 PM

    Is there any point in running snort without automatically blocking "offenders"?  I'm getting a lot of false positives from my international users (with dynamic IPs), and I don't want to deny them email/website access.

    • L
      lordarcane
      last edited by Aug 14, 2009, 8:32 AM

      Without blocking, it's more like an infometer. You can check out the IPs and so on of the ones trying to get to your network. But if it is safety you're worried about, I think that pfSense does a good job of protecting you anyway!

      • N
        neyz
        last edited by Apr 14, 2010, 5:24 PM

        Kinda reviving this thread, but is it possible to choose what rules should trigger a block? Right now it seems by default every single alert creates a block, which means there are A LOT of false positives, so activating the auto block is just suicide.

        It also seems impossible to edit the basic rules for http_inspect and ftp because they get overwritten each time you restart the service; you can add stuff in the configuration form but you can't edit sections that are already in the default conf. (Thinking about the "http_inspect: NON-RFC DEFINED CHAR" that a lot of people are getting.)

        Thanks!
