Snort mailing list archives

Openappid dropping reddit but not facebook

From: Tarek Ben Soltane via Snort-users <snort-users () lists snort org>
Date: Tue, 17 Oct 2017 20:35:49 +0100

Dear all,
Thank you for taking the time to read my post.

I am running Snort Inline Afpacket (bridge).

I have 2 rules that are supposed to block reddit and facebook, using
openappid, such as:

drop tcp any any -> any any (msg:”Too much noise”; appid: Facebook ;
sid:1000000; rev:1)

drop tcp any any -> any any (msg:”Too much noise”; appid: Reddit;
sid:1000001; rev:1)

Reddit is blocked successfully whereas Facebook is not :)

I am running snort with option "-k none", and version is 2.9.11

Has anyone seen a similar behavior?

Best regards,
Tarek

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Openappid dropping reddit but not facebook Tarek Ben Soltane via Snort-users (Oct 17)