Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

Snort preprocessor blocking but nothing in alerts

pfSense Packages

2

2

1.6k

Log in to reply

S

soulandmind
last edited by

Hi everyone

My preprocessor snort package is blocking WAN or OPT1 address few times a day.
Blocked addresses tab is looking like this:

3 xxx.xxx.xxx.xxx (http_inspect) DOUBLE DECODING ATTACK
4 xxx.xxx.xxx.xxx FTP Bad login
5 xxx.xxx.xxx.xxx (spp_rpc_decode) Incomplete RPC segment
6 xxx.xxx.xxx.xxx (ftp_telnet) FTP bounce attempt

But I haven't that on "Alerts" tab, so I don't know how to suppress that alerts (what sid, src, dst etc.).
I have loadbalancing rule in firewall. Mabye it's connected?
What can I do?

Best Regards
Mateusz Blaszka
1 Reply Last reply
Reply Quote 0
J

johnnybe
last edited by

What pfsense version are you running? If it's v.2 Beta, check Snort > Alerts tab if the "Default is On" option is ticked.
you would not believe the view up here
1 Reply Last reply
Reply Quote 0

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.

1 / 1