![snort logo](/images/snort-logo.png)
Snort mailing list archives
Snort with openappid doesn't block android apps
From: Navneet Singh <navneet.singh2012 () gmail com>
Date: Thu, 19 Nov 2015 21:23:42 +0530
Hi All I am testing snort 2.9.7.6 with openappid on ARM platform. Snort is using nfq as daq mode and i am able to block various sites as per their appid rules in various browsers. But none of the appid that also has its own android application is blocking on the client, however if i browse the same site using browser on the client it is blocking fine. I tried known applications like facebook, youtube, whatsapp but none is able to block. I use this command sudo snort -Q --daq nfq --daq-var device=wlan1 --daq-var queue=1 -c /etc/snort/snort.conf -A console followed by sudo iptables -t nat -I PREROUTING -j NFQUEUE --queue-num 1 sudo iptables -I FORWARD -j NFQUEUE --queue-num 1 sudo iptables -I INPUT -j NFQUEUE --queue-num 1 sudo iptables -I OUTPUT -j NFQUEUE --queue-num 1 to run snort. Here wlan1 is in AP mode and other clients are connected to this interface. I am also attaching snort.conf, local.rules files and logs when i run snort. Please help me with this issue. -- Regards Navneet
Attachment:
snort.conf
Description:
Attachment:
local.rules
Description:
Attachment:
snort_log
Description:
------------------------------------------------------------------------------
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Snort with openappid doesn't block android apps Navneet Singh (Nov 19)
- Re: [Snort-openappid] Snort with openappid doesn't block android apps Costas Kleopa (ckleopa) (Nov 19)