Ip on whitelist but snort is stil triggering/blocking



  • My news provider is triggering a "SHELLCODE x86 setuid 0" alert and is therfor blocked.
    "googeling" the alert i found this article: http://security.raffy.ch/projects/Raffael_Marty_GCIA/node14.html after reading this i wanted to pass the trafic for the News server without triggering any rules/blocking so i added a cople of news server ip's to the whitelist … but snort is still trigering and blocking the server ?  even thou the server ip is clearly listed in th "whitelist" ?


Log in to reply