Project

General

Profile

Feature #6831

Snort does not support aliases containing FQDN

Added by Louis-Philippe Allard over 2 years ago. Updated over 2 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Snort
Target version:
-
Start date:
09/29/2016
Due date:
% Done:

0%

Estimated time:

Description

Snort does not support aliases containing FQDN. The pass list in snort's settings has a list which points to a system-wide alias which contains 100+ FQDN entries and snort seems not to be able to use it saying:

FQDN aliases are not supported in Snort.

By being so, users are forced to maintain IP addresses or IP ranges in their already light-years long aliases, or worst, disable the triggering rules in snort, therefore mining the effectiveness of the snort application.

History

#1 Updated by Kill Bill over 2 years ago

Reading this would help to understand why it's not supported.
https://forum.pfsense.org/index.php?topic=87211.msg514703#msg514703

#2 Updated by Renato Botelho over 2 years ago

  • Priority changed from High to Normal
  • Target version deleted (2.4.0)

Keeping it opened for reference but I'm not sure if Bill Meeks will implement it based on his comments on the forum thread linked above

Also available in: Atom PDF