[Snort-users] Plex and Netflix issues

Ryan Ritchie ryno5514 at gmail.com
Sat Jan 19 01:15:44 EST 2019


Thanks,

I will look into the edits. Is there a better way to filter the traffic
from said apps to make sure it is that traffic?

On Fri, Jan 18, 2019, 11:05 PM Lucas Smith via Snort-users <
snort-users at lists.snort.org wrote:

> I also use discord behind a PfSense box running snort and do not have any
> sort of issues. I seem to recall that Hulu tended to trigger GID 137 on
> SIDs 1 and 2 under the preprocessor though I never did figure out why. Are
> you using snort on something like PfSense or a different OS? PfSense to
> check blocked hosts would be Services > Snort > Blocked. If you see
> something like SSL_INVALID_SERVER_HELLO or SSL_INVALID_CLIENT_HELLO, that
> would mean GID137:SIDs 1 and 2 would be good to turn off in the
> interface-specific settings. It'll be in preprocessor.rules. Like wkitty42
> pointed out though, you'll want to look at the alerts raised first before
> jumping to disabling rules.
>
> Hope this helps,
>
> Lucas
>
> On Sun, Jan 13, 2019 at 6:33 AM wkitty42--- via Snort-users <
> snort-users at lists.snort.org> wrote:
>
>> On 1/13/19 12:45 AM, Ryan Ritchie via Snort-users wrote:
>> >     I just need to figure out why it blocked Discord, Plex and Netflix
>> and how
>> >     to prevent it from blocking it.
>>
>>
>> you look at the alerts that were raised... once you know the rules that
>> triggered the alerts, either disable those rules that were triggered OR
>> threshold them for those roku and plex devices' IPs...
>>
>>
>> --
>>   NOTE: No off-list assistance is given without prior approval.
>>         *Please keep mailing list traffic on the list unless*
>>         *a signed and pre-paid contract is in effect with us.*
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.snort.org
>> Go to this URL to change user options or unsubscribe:
>> https://lists.snort.org/mailman/listinfo/snort-users
>>
>>         To unsubscribe, send an email to:
>>         snort-users-leave at lists.snort.org
>>
>> Please visit http://blog.snort.org to stay current on all the latest
>> Snort news!
>>
>> Please follow these rules:
>> https://snort.org/faq/what-is-the-mailing-list-etiquette
>>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.snort.org
> Go to this URL to change user options or unsubscribe:
> https://lists.snort.org/mailman/listinfo/snort-users
>
>         To unsubscribe, send an email to:
>         snort-users-leave at lists.snort.org
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
>
> Please follow these rules:
> https://snort.org/faq/what-is-the-mailing-list-etiquette
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20190118/094d863b/attachment.html>


More information about the Snort-users mailing list