About snort block p2p



  • Running Pfsense 1.2.3
    Snort 2.8.4.1_5 pkg v. 1.7
    Snort set to Interface:WAN
    Activated: Block offenders
    Activated: p2p.rules

    I get lots of p2p (bittorrent) Alerts, but nothing is blocked.

    [ ** ] [ 1:2181:4 ] P2P BitTorrent transfer [ ** ]  
    [ Classification: Potential Corporate Privacy Violation ] [ Priority: 1 ]  
    03/06-10:47:54.536157 123.0.123.99:61433 -> 18.16.20.185:12933
    TCP TTL:127 TOS:0x0 ID:7910 IpLen:20 DgmLen:108 DF
    AP Seq: 0x753947D0 Ack: 0x6F1FEB5F Win: 0xFFFF TcpLen: 20

    how to debug?


Log in to reply