Snort mailing list archives
Re: Snort rule for allowing Logitech Squeezebox streaming service/traffic
From: "Al Lewis (allewi) via Snort-users" <snort-users () lists snort org>
Date: Mon, 11 Jun 2018 12:38:39 +0000
Hello,

Do you have a sample of the traffic?

http_inspect is a preprocessor, so the rule is firing because it sees suspected HTTP traffic with some fields missing that should be in standard HTTP communications.

Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
Cisco Systems Inc.
Email: allewi () cisco com

On 6/11/18, 8:34 AM, "Snort-users on behalf of Dominik Steiner via Snort-users" <snort-users-bounces () lists snort org on behalf of snort-users () lists snort org> wrote:

    Hi Snort users

    I am quite a beginner with Snort and have a tricky question on creating a rule for a radio streaming service.

    I am using Logitech Squeezebox as a music streaming system for my home and found out that since I activated Snort it always drops my streaming and I cannot listen to online radios anymore.

    When I found out that Snort is blocking my traffic to the Squeezebox streaming server, it showed in the alert log that it always classifies the traffic as "Unknown Traffic" and it always logs it against the port 9000 from the streaming server (where the service is running on) and port 80 (not sure why 80).

    Description of blocked traffic is always: (http_inspect) NO CONTENT-LENGTH OR TRANSFER-ENCODING IN HTTP RESPONSE

    Does anyone have an idea how to fix this and keep Snort on while allowing this traffic? The service is running on port 9000; how can I create a rule to enable such traffic to flow through?

    I haven't found any thread on the internet which solves this issue, that's why I am reaching out to you.

    Thanks for your support

    _______________________________________________
    Snort-users mailing list
    Snort-users () lists snort org
    Go to this URL to change user options or unsubscribe:
    https://lists.snort.org/mailman/listinfo/snort-users

    Please visit http://blog.snort.org to stay current on all the latest Snort news!

    Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
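The condition named in the alert text above, shown as an added example that is not part of the original thread and not Snort's own code: a small Python check that parses a response header block and reports whether both Content-Length and Transfer-Encoding are absent. The three sample responses are constructed for illustration (an endless audio stream, a sized page, a chunked page); the function names are hypothetical.

```python
# Added illustration: approximates the condition behind the http_inspect alert
# quoted in this thread. It is not Snort's implementation.

def parse_response_head(raw: bytes):
    """Split a raw HTTP response into (status_code, {lowercased header: value})."""
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete header block")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP status line")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if colon:  # skip malformed lines that carry no "name: value" pair
            headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers


def lacks_body_framing(raw: bytes) -> bool:
    """True when the response has neither Content-Length nor Transfer-Encoding."""
    _status, headers = parse_response_head(raw)
    return "content-length" not in headers and "transfer-encoding" not in headers


# Constructed samples (not captured traffic).
# An open-ended audio stream: the body length is unknown, the server just
# keeps sending until the connection closes.
STREAM = (b"HTTP/1.1 200 OK\r\nContent-Type: audio/mpeg\r\n"
          b"Connection: close\r\n\r\n\xff\xfb\x90\x00")
SIZED = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 5\r\n\r\nhello"
CHUNKED = b"HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n"


def classify(samples):
    """Map each sample name to whether it would match the alert condition."""
    return {name: lacks_body_framing(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    results = classify({"stream": STREAM, "sized": SIZED, "chunked": CHUNKED})
    for name, flagged in results.items():
        print(f"{name}: {'no body framing header' if flagged else 'framed'}")
```

Running the same check over the header block of a captured response from the port 9000 service is one way to produce the traffic sample the reply asks for.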
Current thread:
- Snort rule for allowing Logitech Squeezebox streaming service/traffic Dominik Steiner via Snort-users (Jun 11)
- Re: Snort rule for allowing Logitech Squeezebox streaming service/traffic Al Lewis (allewi) via Snort-users (Jun 13)
- Re: Snort rule for allowing Logitech Squeezebox streaming service/traffic wkitty42 (Jun 13)