Re: Getting snort to block something

[James Lay <jlay () slave-tothe-box net>]

On 2015-08-03 03:06 PM, Joel Esler (jesler) wrote:
> Smells like pfsense if I had to guess.
>
> > On Jul 29, 2015, at 7:43 PM, James Lay <jlay () slave-tothe-box net>
> > wrote:
> >
> > On Wed, 2015-07-29 at 17:00 -0400, Victoria Lee wrote:
> >
> > > Hello everyone,
> > >
> > > I just set up snort and am trying to test it using the
> > > emerging-games.rule to block battle.net [1]
> > > However, I am not able to get it to block battle.net [1]
> > > I have my snort interface enabled, and in the alert settings I
> > > have
> > > everything checked off. (Send Alerts to system log, block
> > > offenders,
> > > kill states) I also have the Which ip to block set to both.
> > > In the categories I have the use IPS policy checked off and the
> > > IPS
> > > policy set as balanced.
> > > In the rule sets I have Snort community rules and
> > > emerging-games.rule
> > > checked off too.
> > > I have also enabled the emerging-games rules in the rules tab.
> > > Next to
> > > the rules there are little yellow boxes with x's in them.
> > > The emerging threat rules were also updated recently.
> > >
> > > Could someone advise me on what to do next?
> > > Please let me know if you need more information or any images for
> > > further clarification.
> > >
> > > An additional question. I recently purchased the snort business
> > > rule
> > > subscription. Am I supposed to get a code to activate that or is
> > > it
> > > activated another way?
> > > Thank you for your time!
> ------------------------------------------------------------------------------
> > > _______________________________________________
> > > Snort-users mailing list
> > > Snort-users () lists sourceforge net
> > > Go to this URL to change user options or unsubscribe:
> > > https://lists.sourceforge.net/lists/listinfo/snort-users [2]
> > > Snort-users list archive:
> > http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> > > [3]
> > >
> > > Please visit http://blog.snort.org [4] to stay current on all the
> > > latest Snort news!
> >
> > Something tells me that this is a device that was purchased yes?

Good call....guess she got it figured out since the thread went dark.

James


------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!