[Snortsam-discussion] Extending block for host issue

Rachmat Hidayat Al-Anshar rachmat_hidayat_02 at yahoo.com
Sun May 4 01:19:20 EDT 2008


I just don't get it, Frank. When I try issuing a ping, snortsam.log tells me that the source IP has been blocked, with an iptables rule added. But the ping traffic itself still continues. It seems that snortsam/iptables didn't manage to actually block the traffic. There are times when I get the ping traffic being blocked by snortsam. It gives me a 'request time out' status as a result.

Rachmat Hidayat Al-Anshar wrote: 
> Hi Frank, thanks for replying :)
> But why didn't snortsam block the ICMP traffic at all? It just prints in the log file that the IP x.x.x.x has been successfully blocked, and the next moment it prints 'extending block for that host'?
> Frank Knobbe wrote: 
>> On Sat, 2008-05-03 at 00:19 -0700, Rachmat Hidayat Al-Anshar wrote:
>>> Then from another machine, I try pinging one of my client machines,
>>> with:
>>> 
>>> ping -t x.x.x.x
>>> 
>>> 
>>> Then, from snortsam.log, I got this kind of message: "..Extending
>>> block for host
>>> x.x.x.x ..". And snortsam's agent on the firewall machine didn't block the
>>> ping traffic.
>>> 
>>> Now, what should I do?
>> Well, Snortsam has already blocked that address. Your repeated attempt
>> is just extending the existing block. Check the log file for the first
>> occurrence of the block, or ping an IP that hasn't been pinged before.
>> -Frank