This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Incoming traffic being blocked

I found this in the IPS logs and the end user says it is blocking websites for them.

2006:04:04-10:07:13 (none) snort[25491]: [116:58:1] (snort_decoder): Experimental Tcp Options found {PROTO006} 65.xxx.xxx.66:1232 -> 172.18.x.xx:80

I don't see any hit counts for this? How can I determine which rule is doing this block?

This thread was automatically locked due to age.

Parents

0 NimmdirKeks over 19 years ago

Thats only a report log, not a drop log. If the packet would have been dropped, there would be an D infront of the group.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 NimmdirKeks over 19 years ago

Thats only a report log, not a drop log. If the packet would have been dropped, there would be an D infront of the group.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Joe_Halleck over 19 years ago in reply to NimmdirKeks

Thanks for the tip. I did discover this host for some reason was getting blocked due to port scans from same address. Looks like a tech at that host site was using a scanner to troubleshoot if a website was up. [:)]
DOH!
Cancel
Vote Up 0 Vote Down

Cancel