Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How to add exception in Short?

    Scheduled Pinned Locked Moved pfSense Packages
    2 Posts 2 Posters 1.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      apacen
      last edited by

      Hi!
      I plug Snort module in PfSense, now i want to configure out it before blocking switch on.
      I update Snort, then i have create snort-interface for internet network adapter.
      In snort-interface i have switch on "Portscan Detection" preprocessor, in categories i have choose "snort_scan.rules". And then i have launch Snort.
      In Snorts Alerts i started to see this records:
      12/10-11:16:42   2      Attempted Information Leak   x.x.x.x      y.y.y.y1       122:5:1    PSNG_TCP_FILTERED_PORTSCAN
      12/10-11:16:27   2      Attempted Information Leak   x.x.x.x      y.y.y.y2       122:7:1    PSNG_TCP_PORTSWEEP_FILTERED
      Where x.x.x.x is ip of my external zabbix server, and y.y.y.y1, y.y.y.y2 are ip of my internal machines with Zabbix clients.
      I have add zabbix server to WhiteList, plug it (zabbix server) to Snort-interface and relaunch Snort.
      This don't help, in Alerts i see the same new records.
      In Snort-interface (in Whitelist configuration) i have found this note:
      Note:
      This option will only be used when block offenders is on.
      As i understand, Whitelist affects only on blocking.
      How i can disable in Alert false traffic warning records, which are received from my external servers ?
      Thanks for your help.
      snort.png
      snort.png_thumb

      1 Reply Last reply Reply Quote 0
      • marcellocM
        marcelloc
        last edited by

        did you tried to search this packages section????

        There are several topics on the subject, this recent one is an example:
        http://forum.pfsense.org/index.php/topic,56550.0.html

        Treinamentos de Elite: http://sys-squad.com

        Help a community developer! ;D

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.