Hi All,
The last days several "persons" are trying to kick of a script and I get an SnortID error 2281.
The strange thing is that HTTP(S) traffic is only allowed from 1 IP address!!! This is set in Packet Filter (automatic PF rule is off). The IP's where these "attacks" come from are not from my specified IP.
NAT is set as follows:
Any->HTTP->internal server
Any->HTTPS->internal server
PF:
1 IP->HTTP->internal server
1 IP->HTTPS->internal server
How can this happen? Is Snort running for the Packet Filter or behind?
Can someone explain this to me?
This thread was automatically locked due to age.
