Snort banning myself every hour
_igor_ last edited by
I encounter that snort is banning myself every hour or when my browser checks open sites. I have multiple tabs open and did entered under suppression the necessary things, but again i get blocked.
(http_inspect) DOUBLE DECODING ATTACK 2 My IP (portscan) UDP Filtered Portsweep 3 My IP (portscan) TCP Portsweep
Here my browser crashed and i had to restart it.
My suppression entries look like this:
suppress gen_id 122, sig_id 3
suppress gen_id 122, sig_id 23
Do i have to enter the source-IP? It changes often (ISP via PPPOE) due to a bad line.