Snort banning myself every hour

  • I encounter that snort is banning myself every hour or when my browser checks open sites. I have multiple tabs open and did entered under suppression the necessary things, but again i get blocked.

    (http_inspect) DOUBLE DECODING ATTACK
     	 2	 My IP	 (portscan) UDP Filtered Portsweep
     	 3	 My IP	 (portscan) TCP Portsweep

    Here my browser crashed and i had to restart it.

    My suppression entries look like this:

    suppress gen_id 122, sig_id 3
    suppress gen_id 122, sig_id 23

    Do i have to enter the source-IP? It changes often (ISP via PPPOE) due to a bad line.

Log in to reply