Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Snort rule for allowing Logitech Squeezebox streaming service/traffic

From: "Al Lewis \(allewi\) via Snort-users" <snort-users () lists snort org>
Date: Mon, 11 Jun 2018 12:38:39 +0000
Hello,

Do you have a sample of the traffic?

http_inspect is a preprocessor so the rule is firing because is sees suspected http traffic with some fields missing 
that should be in standard http communications.



Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
Cisco Systems Inc.
Email: allewi () cisco com 
 
On 6/11/18, 8:34 AM, "Snort-users on behalf of Dominik Steiner via Snort-users" <snort-users-bounces () lists snort 
org on behalf of snort-users () lists snort org> wrote:

    Hi Snort users
    
    I am quite a beginner with snort and have a tricky question on creating a rule for a radio streaming service.
    
    I am using Logitech Squeezebox as a music streaming system for my home and found out, that since i activated Snort 
it always drops my streaming and i cannot listen to online radios anymore. 
    
    When i found out that snort is blocking my traffic to the squeezebox streaming server, it showed in the alert log 
that it always classifies the traffic as "Unknown Traffic” and it always logs it against the port 9000 from the 
streaming server (where the service is running on) and port 80 (not sure why 80).
    
    Description of blocked traffic is always: (http_inspect) NO CONTENT-LENGTH OR TRANSFER-ENCODING IN HTTP RESPONSE
    
    Does anyone have an idea how to fix this and keep snort on while allowing this traffic?
    The service is running on port 9000, how can i create a rule to enable such traffic to flow through?
    
    Haven’t found any thread in the internet which solves this issue, that’s why i am reaching out to you.
    
    Thanks for your support
    _______________________________________________
    Snort-users mailing list
    Snort-users () lists snort org
    Go to this URL to change user options or unsubscribe:
    https://lists.snort.org/mailman/listinfo/snort-users
    
    Please visit http://blog.snort.org to stay current on all the latest Snort news!
    
    Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
    

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
Previous By Date Next
Previous By Thread Next

Current thread: