Thanks a lot mayak for your information
Regards, Indrajaya Pitra Perdana
On 4/13/2010 1:36 PM, mayak-cq wrote:
On Tue, 2010-04-13 at 08:20 +0700, Indrajaya Pitra Perdana wrote:
Hello guys, can somebody help me? thanks
Regards, Indrajaya Pitra Perdana
On 4/12/2010 11:11 AM, Indrajaya Pitra Perdana wrote:
Dear all,
I try to add a suppress rule in the threshold.conf like this:
suppress gen_id 122, sig_id 1, track by_dst, 10.10.10.0/24
But snort won't start with this kind of error:
/usr/local/etc/snort/threshold.conf(4) => Suppress-Parse: argument pairing error
Can somebody help me where exactly i'm doing wrong? thanks a lot
Note: i'm using Snort 2.8.4.1_5 pkg v. 1.6
hi indrajaya,
imho, you should probably consider snort as experimental, as far as the
pfsense release goes.
i have also had very bad luck -- i decided to block offending hosts, and
after accumulating several hundred, the router blocked wan access. i
cleared, de-installed, and eventually had to reboot in order to let
packets through.
there is no persistence -- if the router is restarted, the blocked list
is lost,
if you upgrade the package, the configuration files are wiped out, so
you need to reboot to restore original config.
barnyard2 is not working either, so there's no way to achieve
persistence on the rule violations.
i would play with it on a non-production router only.
cheers
m
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
Commercial support available - https://portal.pfsense.org