Snort blocking the *internal* IP when bittorrent is detected?

  • Hello,

    When using snort to detect bittorrent, the alert is generated, and an IP is blocked.

    However- the IP is always the INTERNAL ip (eg of the machine running the BT client, meaning the machine in question is completely cut off from the outside for an hour.

    Other rules (eg porn filter etc) block the correct IP (the remote host).

    What's going on here? Is this fixable?


  • Set your internal IP on the "white list", then it works.

  • Pretty sure it doesn't, even WITH the internal IP whitelisted… >_<

Log in to reply