[Ukfreebsd] Portsnap Servers Problems

O'Connor, Kevin KevinO'Connor at merseyfire.gov.uk
Sat Jan 21 15:34:30 GMT 2012


It seems to be related to the snort 2.9.1 package that I updated to the other day on the PFSense firewall.
I'm not saying it's a fault with their package but rather a change in behaviour of snort when the file is transferred using Transfer-Encoding: Chunked header.

Going back through the snort logs I've got several sites that also got added to the block list for exactly the same reason.

I'll enquire on the snort lists about what appears to be a change of behaviour, after I've checked that the PFSense package has not had its previous defaults changed at build time.

There are no proxies involved. It's just a load of 8.2 servers sitting in a DMZ behind a PFSense firewall that's plugged into a 100mb transit pipe. So I think I can rule out anything messing with the packets.  

Thanks

Kevin