[Snort-openappid] Using Snort on pfsense

Frederic Lubrano frederic.lubrano at gmail.com
Fri Apr 20 14:06:14 EDT 2018


You use squid, not to mention decryption?

On Fri, Apr 20, 2018 at 20:03, Cory Juillerat <cjuillerat at ztlsd.org> wrote:

> No, I am not doing SSL Decryption. Even if I am not doing decryption, I
> should still be able to see websites that users on our network are
> visiting. For instance, on other firewall manufacturers' devices, it might
> show up as Facebook.base or Netflix.base
>
> Thank you,
>
>
> Cory Juillerat, M.S.
>
> Director of Technology
>
> *Phone: *740.772.7667
>
> *Email:* cjuillerat at ztlsd.org
>
>
>
> On Fri, Apr 20, 2018 at 1:52 PM, Frederic Lubrano <
> frederic.lubrano at gmail.com> wrote:
>
>> Hi Cory, do you use squid on pfsense in non-transparent mode?
>>
>> thanks
>>
>> best regards,
>>
>> fred
>>
>> On Fri, Apr 20, 2018 at 19:31, Cory Juillerat <cjuillerat at ztlsd.org>
>> wrote:
>>
>>> Good afternoon,
>>>
>>> I recently decided to try Snort mainly for the App ID capability. I
>>> work at a school so students are always using social networking apps and
>>> streaming media apps. I created the WAN interface and started the Snort
>>> process on this interface. I am using the predefined balanced IPS policy
>>> and I also placed a check in all of the check boxes underneath Snort
>>> OPENAPPID Rules and Ruleset: ET Open Rules.
>>>
>>> Now onto the issue I am having. When I go to the alerts tab, most of
>>> what I see is Chrome and http traffic underneath description. There are no
>>> social networking or streaming services populating, even though I know
>>> people are using them. Does the free subscription just not have the most up
>>> to date App IDs, so nothing is coming up?
>>>
>>> Thank you,
>>>
>>>
>>> Cory Juillerat, M.S.
>>>
>>> Director of Technology
>>>
>>> *Phone: *740.772.7667
>>>
>>> *Email:* cjuillerat at ztlsd.org
>>>
>>>