Snort Problem



  • Hello all. I'm seem to be having a problem with Snort. I'm trying to block access to chat using the chat ruleset. I am running pfSense 1.0-RELEASE with Snort 2.6.0.2.2. I have "Block Offenders" checked, however it doesn't see to block the msn logon. I see the following in Snort Alerts so i know it sees the site as being bad. however doesn't stop access.

    [ ** ] [ 1:1991:2 ] CHAT MSN login attempt [ ** ] 
    [ Classification: Potential Corporate Privacy Violation ] [ Priority: 1 ] 
    10/18-22:37:42.204944 64.251.50.179:51129 -> 207.46.111.65:1863
    TCP TTL:127 TOS:0x0 ID:28347 IpLen:20 DgmLen:385 DF
    AP Seq: 0x19D723B5 Ack: 0xC0D9CB24 Win: 0xFF5C TcpLen: 20

    Thanks,
    Brian



  • Yep, I have exactly the same problem, I've even got IP's showing in the Snort Blocked tab that I can visit.

    Have I misunderstood the point of the SNORT package? I thought it would block access to sites based on the rules, and yet it seems to make no difference at all

    ??? After some playing around, I've managed to get it into a state where it won't report anyhting now, even uninstalling SNORT and re-installing seems not to make any difference



  • Try this.  Trigger a block.  Exit MSN, and relaunch.  Are you now blocked?



  • I did try your suggestion and it did not work. Also nothing shows up under Snort Blocked.



  • @Brian_Andle:

    I did try your suggestion and it did not work. Also nothing shows up under Snort Blocked.

    Then your rules are not triggering.


Log in to reply