    Snort - How to ignore rules on specific ports

    • H
      HiTekRedNek last edited by

      pfSense 2.0.1  Snort 2.8.6.1

      I just set up Snort for the first time on my pfSense box. Works pretty good. I went through the FAQ and I'm getting alerts and blocked events. Now I need some help in fine tuning.

      Issue #1 
      When viewing some YouTube videos I'm getting some alerts called "SHELLCODE x86 inc ebx NOOP"

      I looked up the info on SID: 1390 on Snort.org and it recommended ignoring shellcode rules on web ports. I'm not sure how to do this in the pfSense implementation of Snort. If somebody could guide me it would be much appreciated.

      • R
        richierichim last edited by

        Hi,  It's been a few months since this was last posted and I have the same problem.  I hope a bump will draw renewed attention to this inquiry.
        Thanks,

        • R
          richierichim last edited by

          After rewatching http://www.youtube.com/watch?v=uQ7OrxtiAes I was able to recreate a suppression rule for the false positive.

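The two tuning options the thread touches on, as an added example that is not taken from any poster or from the pfSense package: keeping the shellcode rules off web traffic through the `SHELLCODE_PORTS` port variable that the stock Snort shellcode rules use as their source port, and a suppression entry for SID 1390. The client address is a constructed placeholder, and where these lines are entered in the pfSense package is not covered here.

```conf
# snort.conf: the stock shellcode rules take their source port from this
# variable, so negating port 80 keeps them off plain HTTP traffic.
portvar SHELLCODE_PORTS !80

# Suppression entry (threshold.conf syntax): SID 1390 stays loaded but no
# longer raises an alert for traffic to one client.
# 192.168.1.50 is a constructed address.
suppress gen_id 1, sig_id 1390, track by_dst, ip 192.168.1.50

# Broader form: silences SID 1390 for every host and every port.
# suppress gen_id 1, sig_id 1390
```

The port variable only exempts the listed port, while an unscoped `suppress` hides the signature everywhere, so the narrower of the two that clears the false positive loses the least detection coverage.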