[Snort-users] Getting snort to block something

James Lay jlay at ...13475...
Mon Aug 3 17:07:25 EDT 2015


On 2015-08-03 03:06 PM, Joel Esler (jesler) wrote:
> Smells like pfsense if I had to guess.
> 
>> On Jul 29, 2015, at 7:43 PM, James Lay <jlay at ...13475...>
>> wrote:
>> 
>> On Wed, 2015-07-29 at 17:00 -0400, Victoria Lee wrote:
>> 
>>> Hello everyone,
>>> 
>>> I just set up snort and am trying to test it using the
>>> emerging-games.rule to block battle.net [1]
>>> However, I am not able to get it to block battle.net [1]
>>> I have my snort interface enabled, and in the alert settings I
>>> have
>>> everything checked off. (Send Alerts to system log, block
>>> offenders,
>>> kill states) I also have the Which ip to block set to both.
>>> In the categories I have the use IPS policy checked off and the
>>> IPS
>>> policy set as balanced.
>>> In the rule sets I have Snort community rules and
>>> emerging-games.rule
>>> checked off too.
>>> I have also enabled the emerging-games rules in the rules tab.
>>> Next to
>>> the rules there are little yellow boxes with x's in them.
>>> The emerging threat rules were also updated recently.
>>> 
>>> Could someone advise me on what to do next?
>>> Please let me know if you need more information or any images for
>>> further clarification.
>>> 
>>> An additional question. I recently purchased the snort business
>>> rule
>>> subscription. Am I supposed to get a code to activate that or is
>>> it
>>> activated another way?
>>> Thank you for your time!
>>> 
>>> 
>> 
> ------------------------------------------------------------------------------
>>> _______________________________________________
>>> Snort-users mailing list
>>> Snort-users at lists.sourceforge.net
>>> Go to this URL to change user options or unsubscribe:
>>> https://lists.sourceforge.net/lists/listinfo/snort-users [2]
>>> Snort-users list archive:
>>> 
>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>>> [3]
>>> 
>>> Please visit http://blog.snort.org [4] to stay current on all the
>>> latest Snort news!
>> 
>> Something tells me that this is a device that was purchased yes?

Good call....guess she got it figured out since the thread went dark.

James





More information about the Snort-users mailing list