Snort mailing list archives
Re: Plex and Netflix issues
From: Lucas Smith via Snort-users <snort-users () lists snort org>
Date: Sun, 20 Jan 2019 16:42:27 -0600
With Discord, as long as you know the server you're connecting to for voice traffic, yes. If it's triggering GID 137 rules in the preprocessor though, you're probably better off turning those rules off instead of trying to whitelist because I know those rules will also hit Hulu and a few other streaming services which use CDNs. Not sure on if suppressing would be viable as a fix. Others may know a better option than I on this. Lucas On Sat, Jan 19, 2019 at 12:15 AM Ryan Ritchie <ryno5514 () gmail com> wrote:
Thanks, I will look into the edits. Is there a better way to filter the traffic from said apps to make sure it is that traffic? On Fri, Jan 18, 2019, 11:05 PM Lucas Smith via Snort-users < snort-users () lists snort org wrote:I also use discord behind a PfSense box running snort and do not have any sort of issues. I seem to recall that Hulu tended to trigger GID 137 on SIDs 1 and 2 under the preprocessor though I never did figure out why. Are you using snort on something like PfSense or a different OS? PfSense to check blocked hosts would be Services > Snort > Blocked. If you see something like SSL_INVALID_SERVER_HELLO or SSL_INVALID_CLIENT_HELLO, that would mean GID137:SIDs 1 and 2 would be good to turn off in the interface-specific settings. It'll be in preprocessor.rules. Like wkitty42 pointed out though, you'll want to look at the alerts raised first before jumping to disabling rules. Hope this helps, Lucas On Sun, Jan 13, 2019 at 6:33 AM wkitty42--- via Snort-users < snort-users () lists snort org> wrote:On 1/13/19 12:45 AM, Ryan Ritchie via Snort-users wrote:I just need to figure out why it blocked Discord, Plex and Netflixand howto prevent it from blocking it.you look at the alerts that were raised... once you know the rules that triggered the alerts, either disable those rules that were triggered OR threshold them for those roku and plex devices' IPs... -- NOTE: No off-list assistance is given without prior approval. *Please keep mailing list traffic on the list unless* *a signed and pre-paid contract is in effect with us.* _______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users To unsubscribe, send an email to: snort-users-leave () lists snort org Please visit http://blog.snort.org to stay current on all the latest Snort news! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette_______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users To unsubscribe, send an email to: snort-users-leave () lists snort org Please visit http://blog.snort.org to stay current on all the latest Snort news! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
_______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users To unsubscribe, send an email to: snort-users-leave () lists snort org Please visit http://blog.snort.org to stay current on all the latest Snort news! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
Current thread:
- Plex and Netflix issues Ryan Ritchie via Snort-users (Jan 12)
- Re: Plex and Netflix issues wkitty42--- via Snort-users (Jan 13)
- Re: Plex and Netflix issues Lucas Smith via Snort-users (Jan 18)
- Re: Plex and Netflix issues Ryan Ritchie via Snort-users (Jan 18)
- Re: Plex and Netflix issues Lucas Smith via Snort-users (Jan 20)
- Re: Plex and Netflix issues Lucas Smith via Snort-users (Jan 18)
- Re: Plex and Netflix issues wkitty42--- via Snort-users (Jan 13)