pfSense and Snort



  • I have installed pfSense and installed the Snort package. I activated Snort and applied all Snort rulesets (ET Open Rules, Snort Text Rules and Snort SO Rules), saved, and made sure Snort is running. But after this, when I open Microsoft Outlook and do a send/receive, I get an error message saying POP3 error cannot connect to mail server 0x80042108. When I stopped Snort from running, Outlook send/receive now works fine without this error message. I want to continue using Snort and keep all rulesets activated, but doing this affects Microsoft Outlook. Can someone please help?



  • @Edem:

    I have installed pfSense and installed the Snort package. I activated Snort and applied all Snort rulesets (ET Open Rules, Snort Text Rules and Snort SO Rules), saved, and made sure Snort is running. But after this, when I open Microsoft Outlook and do a send/receive, I get an error message saying POP3 error cannot connect to mail server 0x80042108. When I stopped Snort from running, Outlook send/receive now works fine without this error message. I want to continue using Snort and keep all rulesets activated, but doing this affects Microsoft Outlook. Can someone please help?

    You can't just install Snort, download rules, and enable blocking.  If you do that, you get what happened to you – blocking of legitimate traffic.  If you are new to using Snort, go to the Packages sub-forum and click on the sticky thread at the top which shows you how to configure it.  There is also a thread on suggested Suppress List entries to prevent some of the most common false-positive alerts.

    Here is the Quick Setup thread: https://forum.pfsense.org/index.php?topic=61018.0
    And here is the Master Suppress List thread: https://forum.pfsense.org/index.php?topic=56267.0

    Bill



  • Thanks, Bill, for your reply. I was on holiday at a remote location, so I could not respond quickly. I will check the material and see if it helps me set this up quickly. Do you also have any literature on how to set up IDS and IPS with Snort?