Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort blocking iTunes?

    Scheduled Pinned Locked Moved pfSense Packages
    4 Posts 2 Posters 3.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      miles267
      last edited by

      Hi - was hoping someone might be able to assist.  Appears snort blocks my iPhone/iPad from connecting to the Apple itunes store for app updates, etc.  I've been unable to determine which IP(s) are associated with iTunes and end up clearing all snort blocked IPs which resolves the issue.  Has anyone else determined which IP (CIDR) or suppress rules need to be applied in order to resolve the iTunes issue?

      1 Reply Last reply Reply Quote 0
      • D
        digdug3
        last edited by

        What rules are triggered? A friend of mine actually had spyware on his iphone that Snort saw and so his phone was blocked.

        1 Reply Last reply Reply Quote 0
        • M
          miles267
          last edited by

          Here's the alert that's triggered:

          Date PRI PROTO CLASS SRC SRCPORT DST DSTPORT SID DESCRIPTION
          08/05-08:54:45 2 TCP Potentially Bad Traffic SourceIP 43617 68.156.83.232 443 137:1:2 [click to add to suppress list] "(ssp_ssl) Invalid Client HELLO after Server HELLO Detected"
          08/05-08:54:45 2 TCP Potentially Bad Traffic SourceIP 43617 68.156.83.232 443 137:1:2 [click to add to suppress list] "(ssp_ssl) Invalid Client HELLO after Server HELLO Detected"

          1 Reply Last reply Reply Quote 0
          • D
            digdug3
            last edited by

            You can add that SID to the supression list. It's the way the iphone makes it's connection that is triggering the SSP rule. SSP is Windows only tech.
            see: http://groups.google.com/group/snortusers/tree/browse_frm/month/2011-04/931943bd96ceb0a1?rnum=91&_done=%2Fgroup%2Fsnortusers%2Fbrowse_frm%2Fmonth%2F2011-04%3F

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.