[Snort-openappid] Using Snort on pfsense

munis badar munisb at gmail.com
Fri Apr 20 14:24:29 EDT 2018


Yep, that’s accurate. 

And I don’t understand why the earlier poster would bring Squid into it. You can detect apps using AppID on Snort. One thing to keep in mind, though, as most sites are transitioning to TLS – the HTTP header is encrypted. So, you would want to do MITM for streaming sites to disallow access to specific content. Just make sure that you are not trespassing any privacy laws though.
--
Munis Badar
Founder of OceanIT
1-888-518-9889
https://oceanit.ca



From: Y M via Snort-openappid
Sent: Friday, April 20, 2018 2:16 PM
To: snort-openappid at lists.snort.org
Subject: Re: [Snort-openappid] Using Snort on pfsense

Cory,

The AppID detectors are open-source and are available on the Snort website. So I don't think the subscription is at play here. In an earlier thread, I posted a link to a YouTube video for configuring AppID on pfsense. The presenter showed that AppID is picking up Netflix, among other apps. Here is the link for the video https://youtu.be/-GgqYq5-EBg

Hope this helps.
YM


From: Snort-openappid <snort-openappid-bounces at lists.snort.org> on behalf of Cory Juillerat <cjuillerat at ztlsd.org>
Sent: Friday, April 20, 2018 8:30 PM
To: snort-openappid at lists.snort.org
Subject: [Snort-openappid] Using Snort on pfsense 
 
Good afternoon, 

I decided to recently try Snort, mainly for the AppID capability. I work at a school, so students are always using social networking apps and streaming media apps. I created the WAN interface and started the Snort process on this interface. I am using the predefined balanced IPS policy and I also placed a check in all of the check boxes underneath Snort OPENAPPID Rules and Ruleset: ET Open Rules.

Now onto the issue I am having. When I go to the alerts tab, most of what I see is Chrome and HTTP traffic underneath description. There are no social networking or streaming services populating, even though I know people are using them. Does the free subscription just not have the most up-to-date AppIDs, so nothing is coming up?

Thank you,

Cory Juillerat, M.S. 
Director of Technology
Phone: 740.772.7667
Email: cjuillerat at ztlsd.org
 


