    Snort reverse lookup icon

    • C
      Clear-Pixel last edited by

      @meeks
      I have noticed the blue information icon for reverse lookup opens in the same window. This is the same for pfSense firewall logs etc…

      Would it pose a security risk if it opened up in a new window rather than the existing window? I'm thinking it would be like opening up a new session of the admin page?

      If there is no security risk, could you make this change in the next release?

      HP EliteBook 2530p Laptop - Core2 Duo SL9600 @ 2.13Ghz - 4 GB Ram -128GB SSD
      Atheros Mini PCI-E as Access Point (AR5BXB63H/AR5007EG/AR2425)
      Single Ethernet Port - VLAN
      Cisco SG300 10-port Gigabit Managed Switch
      Cisco DPC3008 Cable Modem  30/4 Mbps
      Pfsense 2.1-RELEASE (amd64)
      –------------------------------------------------------------
      Total Network Power Consumption - 29 Watts

      • bmeeks
        bmeeks last edited by

        @Clear-Pixel:

        @meeks
        I have noticed the blue information icon for reverse lookup opens in the same window. This is the same for pfSense firewall logs etc…

        Would it pose a security risk if it opened up in a new window rather than the existing window? I'm thinking it would be like opening up a new session of the admin page?

        If there is no security risk, could you make this change in the next release?

        The next release will duplicate exactly the way the reverse DNS lookup icons work in the firewall logs.  There will be two icons.  One opens a quick pop-up dialog window, and the other opens the Diagnostics…DNS page.  This is only true on pfSense 2.1 and higher, though.  Apparently the DNS lookup code on 2.0.x does not implement the dialog output option.  At least that's what I observed in my testing of the new Snort package.  So if you have 2.0.x pfSense, you get the current DNS lookup behavior.  If you have 2.1 or higher, then you get the new behavior.

        I have submitted the update for 2.9.5.6 of the Snort binary.  Once it is confirmed to build a package correctly, then I will submit an update to the Snort GUI to version 3.0.3.  That will include the new reverse DNS feature along with two other asked-for features:  (1) the ability to manage all rules both regular and decoder/preprocessor text rules, (2) the ability to force-disable a rule from the ALERTS tab.

        Bill

        • C
          Clear-Pixel last edited by

          Why is it that oftentimes many IPs are missing the reverse DNS info?

          Is it a DNS server with a poorly compiled DNS list?

          It would seem the IP would be out of compliance if no name was attached?

          • bmeeks
            bmeeks last edited by

            @Clear-Pixel:

            Why is it that oftentimes many IPs are missing the reverse DNS info?

            Is it a DNS server with a poorly compiled DNS list?

            It would seem the IP would be out of compliance if no name was attached?

            There are a fairly significant number of the "spammer" and other blacklisted IPs that do not resolve via DNS lookups.  Not really surprising when you realize these guys don't want to be found… ;)

            Bill
