Bug #14514

closed

SNORT randomly starts blocking the IP address on the interface that it is residing on

Added by Jonathan Lee about 1 year ago. Updated 9 months ago.

Status: Duplicate
Priority: Normal
Assignee: -
Category: Snort
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Affected Version: All
Affected Plus Version: 23.05
Affected Architecture: SG-2100

Description

Hello fellow pfSense Redmine team members,

I have found an issue where SNORT starts to block out my IP address that is issued from the ISP. It is as if someone spoofs my IP address and starts doing scans of my own network. Once the system spots it and blocks out my address, it causes a fail closed event. Keep in mind my IP address is not listed on any of the block lists that I could find; however, the logs act as if it is. This occurs at random times, sometimes during config changes and sometimes when using my Windows 10 laptop from college.


Files

Screenshot 2023-06-27 at 3.13.19 PM.png (566 KB): Logs showing condition fail closed. Jonathan Lee, 06/27/2023 10:17 PM

Related issues

Related to Bug #14754: Snort security issue bug within tcp/UDP scan detection blocking tool DoS event (Not a Bug)
