Ip on whitelist but snort is stil triggering/blocking
Klexx last edited by
My news provider is triggering a "SHELLCODE x86 setuid 0" alert and is therfor blocked.
"googeling" the alert i found this article: http://security.raffy.ch/projects/Raffael_Marty_GCIA/node14.html after reading this i wanted to pass the trafic for the News server without triggering any rules/blocking so i added a cople of news server ip's to the whitelist … but snort is still trigering and blocking the server ? even thou the server ip is clearly listed in th "whitelist" ?