Snort ignoring whitelist



  • Hi guys,
      We have an external VoiP system that connects to our phone system in our office.  It's constantly getting blocked for port scanning.  I've created a whitelist and added the IP to it, then changed the whitelist on all my snort interface to be the new list I've defined.  However, this doesn't' seem to help (I've applied the changes).

    Snort 2.8.6.1 pkg v. 1.34.

    PfSense: 1.2.3.

    Any help would be greatly appreciated.  I've had to disable snort until this is corrected!

    Thanks,
    Todd



  • Have you tried upgrading the package as you are slightly out of date. It should be 2.8.6.1 pkg v. 1.35
    Did you restart snort on the interfaces you altered the whitelists on. I've noticed that it sometimes does not apply changes unless you stop and restart snort on each interface after a change to whitelists.



  • I'm having the same problem, snort doesn't load the custom whitelist i created. My work IPs get block all the time.  I'm using the latest 2.0 BETA5 snapshot, Stable 2.8.6.1 pkg v. 1.35. I know Robert is working on a new release 2.0 so hopefully that will fix it. Since 2.0 is in beta I would rather him spend is time on the new release then fix the old one. just my thoughts

    Stephen


Log in to reply