Snort 2.8.5.3 pkg v. 1.23 issues
-
So far the only problem I have with the new version is the whitelist is broken (Firefox 3.6 and IE 8). At the bottom of the whitelist where I add in IPs, I filled out the first one, and then hit the + to bring another line up like in 1.22 and it does not work anymore. So whitelists are broken for me.
That and I am now getting this message when starting snort.
kernel: arpresolve: can't allocate route for 192.168.100.1
Those IPs are on a VPN, so it makes sense that it does not route. Not sure why snort is calling for it. Anyways, no issues there as the VPN is working and snort is not blocking it. Still wondering if there is a way to set the portscan settings. With the 1.22 package I had people getting blocked just getting email, so I had to turn the portscan off. Way too aggressive…
-
Found the issue on the whitelist problem, seems the files have been saved in a non-Unix format.
Use the suppress tab to quiet or disable that portscan alert. The alert is a preprocessor. Search the forums on thresholding.
"kernel: arpresolve: can't allocate route for 192.168.100.1" ?
James
-
Dear tester_02,
I had the same problems with the "+" buttons to bring another line up for the whitelist when I use Firefox.
Upgrading to 1.24 seems to have fixed the problems. However, I noticed there is an upper limit on the number of lines you can enter for this whitelist IP.
Do remember to check the box "Keep snort settings after deinstall", as a friendly reminder.
Davc
-
I have had success with adding/modifying whitelists using Firefox 3.6 (pfsense 1.2.3 with snort 2.8.5.3 pkg v. 1.24). I don't recall any specific issue with snort 1.23 either, but I only ran that version a short time before upgrading to 1.24.
-
I am having similar issues as these so I thought I would post here. I seem to have reached a limit of IPs for the white-list. When I try to add more they are not saved. I probably have close to 300.
Also with port scan enabled my blocked list quickly grew to almost 20,000.
-
I had 309 entries in my white-list, found some duplicate entries and changed some to networks instead of many in a row. It's down around 290 now and I can add more. Maybe 300 is the limit?
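The cleanup described in the last post (dropping duplicates and replacing runs of single addresses with networks), as an added example that is not part of the original thread. It uses Python's standard `ipaddress` module; the sample entries are constructed, and the one-entry-per-line input format is an assumption.

```python
import ipaddress

# Constructed sample whitelist, one entry per line (assumed input format).
SAMPLE = """\
192.168.10.4
192.168.10.5
192.168.10.6
192.168.10.7
192.168.10.5
10.0.0.0/24
10.0.0.17
10.0.1.0/24
172.16.5.9
not-an-ip
"""

def consolidate(text):
    """Return (entries, rejected).

    entries  -- the shortest list of addresses/CIDR networks that covers
                exactly the same addresses as the input (nothing extra is
                whitelisted, so the exposure does not grow).
    rejected -- input lines that did not parse and need manual review.
    """
    nets = {4: [], 6: []}
    rejected = []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()   # allow trailing comments
        if not entry:
            continue
        try:
            # strict=True refuses entries with host bits set (10.0.0.17/24),
            # which usually indicate a typo rather than an intended network.
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError:
            rejected.append(entry)
            continue
        nets[net.version].append(net)
    merged = []
    for version in (4, 6):                     # collapse each family separately
        merged.extend(ipaddress.collapse_addresses(nets[version]))
    # Print single hosts without the /32 or /128 suffix.
    entries = [str(n.network_address) if n.num_addresses == 1 else str(n)
               for n in merged]
    return entries, rejected

if __name__ == "__main__":
    entries, rejected = consolidate(SAMPLE)
    print("\n".join(entries))
    print("needs review:", rejected)
```

Because only exactly adjacent or overlapping entries are merged, the result never whitelists an address that was not already in the list.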