Snort mailing list archives
Re: snort black list issue
From: anton van der leun <anton () vanderleun com>
Date: Tue, 2 Aug 2016 16:50:58 +0200
Hi Hui, Yes, I checked that already. The client of the test has ip address 192.168.63.1 The white-list is very short: ##callvoip 91.195.160.0/25 91.195.161.0/25 ##microsoft 191.234.4.0/24 ##ger schiedam glas: 163.158.245.128 ##akama1 95.100.96.0/23 ##dell download: 68.232.34.141 ##alex: 37.59.121.224 ##xenserver download: 95.100.97.40 ##freenas: 64.62.136.60 192.168.63.100 ##nagios 192.168.63.199 ##ISPconfig schiedam: 10.117.0.244 ##customer SNORT devices : 192.2.XXX.XXX <changed for privacy reason> 192.168.XXX.XXX <changed for privacy reason> Van: Hui cao [mailto:huica () cisco com] Verzonden: dinsdag 2 augustus 2016 16:43 Aan: anton van der leun <anton () vanderleun com>; Anton van der Leun <anton () triple-t-services nl>; snort-users () lists sourceforge net CC: Alexander van der Leun <alex () triple-t-services nl> Onderwerp: Re: AW: [Snort-users] snort black list issue Hi Anton, You have packets that are whitelisted. Have you checked that either IP is not in whitelist? Do you have this defined in your rule? drop ( msg: "REPUTATION_EVENT_BLACKLIST"; sid: 1; gid: 136; rev: 1; ) Best, Hui. On 08/02/2016 10:21 AM, anton van der leun wrote: Reputation Preprocessor Statistics Total Memory Allocated: 2257540 Number of packets blacklisted: 12 Number of packets whitelisted: 333
------------------------------------------------------------------------------
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Re: snort black list issue, (continued)
- Re: snort black list issue Hui Cao (huica) (Aug 01)
- Message not available
- Re: snort black list issue Hui cao (Aug 02)
- Re: snort black list issue anton van der leun (Aug 01)
- Re: snort black list issue anton van der leun (Aug 02)
- Re: snort black list issue Hui cao (Aug 02)
- Re: snort black list issue anton van der leun (Aug 02)
- Re: snort black list issue anton van der leun (Aug 03)
- FW: snort black list issue anton van der leun (Aug 04)
- Re: snort black list issue anton van der leun (Aug 08)
- Re: snort black list issue Hui cao (Aug 02)
- Re: snort black list issue anton van der leun (Aug 02)
- Re: snort black list issue anton van der leun (Aug 02)
- Re: snort black list issue Hui cao (Aug 02)