Snort mailing list archives
Re: A suppressed IP address still got blocked
From: "Joel Esler \(jesler\) via Snort-sigs" <snort-sigs () lists snort org>
Date: Tue, 12 Dec 2017 20:22:57 +0000
Suppression just turns off the alerts. The action is still taking place. You have to pass the traffic before it is blocked. -- Joel Esler | Talos: Manager | jesler () cisco com<mailto:jesler () cisco com> On Dec 12, 2017, at 10:00 AM, Glenn Ungaro <gungaro () necscorp com<mailto:gungaro () necscorp com>> wrote: Hello All I work for a MSP and we host several companies email. I have Snort running at the main client’s facility. 4 weeks ago the MSP’s barracuda was flagged by Snort as a possible spambot. I then put it in my suppress list and for some reason a few days ago it blocked the MSP’s barracuda again. Now I have Snort running as IDS now and the barracuda still has the same IP Address it always had. How can I make sure this won’t happen again if I turn Snort back to blocking. Snort is running on pfSense 2.2.4 with a Lanner router. Any help is greatly appreciated. Thank You Glenn Ungaro Asst. Network Administrator Northeast Computer Corp. gungaro () necscorp com<mailto:gungaro () necscorp com> 845-629-0634 _______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org<mailto:Snort-sigs () lists snort org> https://lists.snort.org/mailman/listinfo/snort-sigs Please visit http://blog.snort.org for the latest news about Snort! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org https://lists.snort.org/mailman/listinfo/snort-sigs Please visit http://blog.snort.org for the latest news about Snort! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!
Current thread:
- A suppressed IP address still got blocked Glenn Ungaro (Dec 12)
- Re: A suppressed IP address still got blocked Joel Esler (jesler) via Snort-sigs (Dec 12)