[Snort-users] Getting snort to block something

Joel Esler (jesler) jesler at ...589...
Mon Aug 3 17:06:02 EDT 2015


Smells like pfsense if I had to guess.

On Jul 29, 2015, at 7:43 PM, James Lay <jlay at ...13475...<mailto:jlay at ...14580...75...>> wrote:

On Wed, 2015-07-29 at 17:00 -0400, Victoria Lee wrote:

Hello everyone,

I just set up snort and am trying to test it using the
emerging-games.rule to block battle.net<http://battle.net>
However, I am not able to get it to block battle.net<http://battle.net>
I have my snort interface enabled, and in the alert settings I have
everything checked off. (Send Alerts to system log, block offenders,
kill states) I also have the Which ip to block set to both.
In the categories I have the use IPS policy checked off and the IPS
policy set as balanced.
In the rule sets I have Snort community rules and emerging-games.rule
checked off too.
I have also enabled the emerging-games rules in the rules tab. Next to
the rules there are little yellow boxes with x's in them.
The emerging threat rules were also updated recently.

Could someone advise me on what to do next?
Please let me know if you need more information or any images for
further clarification.


An additional question. I recently purchased the snort business rule
subscription. Am I supposed to get a code to activate that or is it
activated another way?
Thank you for your time!

------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net<mailto:Snort-users at lists.sourceforge.net>
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org<http://blog.snort.org/> to stay current on all the latest Snort news!


Something tells me that this is a device that was purchased yes?
------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net<mailto:Snort-users at lists.sourceforge.net>
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20150803/c0e3a274/attachment.html>


More information about the Snort-users mailing list