Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort Blocking Kerio Webmail after log in

    Scheduled Pinned Locked Moved pfSense Packages
    1 Posts 1 Posters 1.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      tnorbut13
      last edited by

      Having some issues with Snort blocking Kerio Webmail after a user has logged in.  A user hits the External facing web page via SSL (Port 443) with no issues.  Goes through login, gets a display of their email, but after clicking on 1 or 2, Snort will then flag the IP with the following information:

      PROTO:255 (portscan) TCP Filtered Portscan 122:5:0

      I turned off Port Scan Preprocessor completely and the alert stops showing up and the traffic is allowed.  Is there a way I can fine tune the rules to allow this traffic and keep the Port Scan blocker on?

      Snort Info
      Services: Snort 2.8.6.1 pkg v. 1.33
      SNORT.ORG >>>  "8d1ebdd08ac1c861a79e8f0e75f8b5c4"
      EMERGINGTHREATS.NET >>>  6511
      PFSENSE.ORG >>>  102

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.