Snort acting very weird!



  • Snort is acting extremely weird:

    I have enabled the following in the "whitelists" section:
    Add WAN IPs to the list.
    Add WAN Gateways to the list.
    Add WAN DNS servers to the list.
    Add Virtual IP Addresses to the list.
    Add VPN Addresses to the list.

    So I encountered that I have to manually put every WAN IP from my ISP on the whitelist; if not, Snort disables all traffic every time. (Needs some time, but WILL do that!) So I think it doesn't work as expected.

    The second thing is that some websites are blocked without any alert or appearing under "blocked", which is weird too.
    One site which is blocked without any alert is http://www.maha-online.de/. I have to disable snort completely to get access to that site.

    Changes in whitelists seem to have no effect if Snort isn't completely disabled and enabled again. If not, the whitelist isn't updated.
    When I disable Snort and enable it again, the whole blocked section is empty, even with "remove blocked hosts" set to "never".

    I'm using snort with amd64 full install, snort is 2.8.6.1 pkg v. 1.35.

