Snort mailing list archives

Snort with openappid doesn't block android apps


From: Navneet Singh <navneet.singh2012 () gmail com>
Date: Thu, 19 Nov 2015 21:23:42 +0530

Hi All

I am testing Snort 2.9.7.6 with OpenAppID on an ARM platform. Snort is using
nfq as the DAQ mode, and I am able to block various sites as per their appid
rules in various browsers. But none of the appids that also have their own
Android application are blocked on the client; however, if I browse the same
site using a browser on the client, it is blocked fine. I tried known
applications like Facebook, YouTube, and WhatsApp, but none is blocked.

I use this command
sudo snort -Q --daq nfq --daq-var device=wlan1 --daq-var queue=1 -c /etc/snort/snort.conf -A console

followed by
sudo iptables -t nat -I PREROUTING -j NFQUEUE --queue-num 1
sudo iptables -I FORWARD -j NFQUEUE --queue-num 1
sudo iptables -I INPUT -j NFQUEUE --queue-num 1
sudo iptables -I OUTPUT -j NFQUEUE --queue-num 1
to run snort.

Here wlan1 is in AP mode and other clients are connected to this interface.

I am also attaching the snort.conf and local.rules files, and the logs from when I run Snort.

Please help me with this issue.

--
Regards
Navneet

Attachment: snort.conf
Attachment: local.rules
Attachment: snort_log

------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
