EFW Support

Support => General Support => Topic started by: NickReplay on Tuesday 27 August 2013, 03:53:44 am



Title: Endian IDS blocking Dropbox - how do I allow?
Post by: NickReplay on Tuesday 27 August 2013, 03:53:44 am
Hi,

Endian IDS is blocking Dropbox syncs/updates - how do I modify rules in order to allow this?

I'm thinking I need to set up Source NAT rules but I'm unsure how (I may be wrong too!)

Here is an example of an intrusion log:

snort[5026]: [1:2012647:3] ET POLICY Dropbox.com Offsite File Backup in Use [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.168.0.78:57723 -> 108.160.163.50:80

Any help appreciated  8)

Nick


Title: Re: Endian IDS blocking Dropbox - how do I allow?
Post by: NickReplay on Tuesday 27 August 2013, 06:35:04 pm
OK, so I realise now that the syncs are happening; it's just that they are being detected by Snort. Could someone help me create a custom rule for Dropbox, please?  ;D


Title: Re: Endian IDS blocking Dropbox - how do I allow?
Post by: Ricard on Wednesday 04 September 2013, 01:08:52 pm

Just read the alert description to know the number and type: ...2012647... ET POLICY.

Then:

- Go to Services -> Intrusion Prevention.
- Edit "auto/emerging-policy.rules".
- The rule numbers are in ascending order. Go down to 2012647: "ET POLICY Dropbox.com Offsite File Backup in Use".
- Unmark it. Apply, and save.

That's all.
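
The lookup step in the reply above (reading the rule number and type out of the alert), as an added example that is not part of the original thread: a small Python parser for the Snort alert line format shown in the first post, which also counts alerts per rule so the noisy one stands out. The mapping from "ET <CATEGORY>" to "auto/emerging-<category>.rules" is an assumption generalised from the single ET POLICY case given in the thread; the second and third sample lines are constructed.

```python
import re
from collections import Counter

# Snort alert line as it appears in the intrusion log quoted in the thread.
ALERT_RE = re.compile(
    r"snort\[\d+\]: \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.+?) "
    r"\[Classification: (?P<cls>[^\]]+)\] \[Priority: (?P<prio>\d+)\] "
    r"\{(?P<proto>\w+)\} (?P<src>\S+) -> (?P<dst>\S+)"
)

def rules_file_for(msg):
    """Assumption: 'ET <CATEGORY> ...' lives in auto/emerging-<category>.rules,
    generalised from the one mapping given in the thread (ET POLICY)."""
    parts = msg.split()
    if len(parts) >= 2 and parts[0] == "ET":
        return "auto/emerging-%s.rules" % parts[1].lower()
    return None

def parse_alert(line):
    """Return the alert fields as a dict, or None if the line is not an alert."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    alert = m.groupdict()
    for key in ("gid", "sid", "rev", "prio"):
        alert[key] = int(alert[key])
    alert["rules_file"] = rules_file_for(alert["msg"])
    return alert

def summarise(lines):
    """Count alerts per (sid, rules file, message), most frequent first."""
    counts = Counter()
    for line in lines:
        alert = parse_alert(line)
        if alert:
            counts[(alert["sid"], alert["rules_file"], alert["msg"])] += 1
    return counts.most_common()

SAMPLE = [
    # Line quoted in the first post.
    "snort[5026]: [1:2012647:3] ET POLICY Dropbox.com Offsite File Backup in Use [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.168.0.78:57723 -> 108.160.163.50:80",
    # Constructed: same rule firing again from another source port.
    "snort[5026]: [1:2012647:3] ET POLICY Dropbox.com Offsite File Backup in Use [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.168.0.78:57730 -> 108.160.163.50:80",
    # Constructed: unrelated log line that must be skipped.
    "dhcpd: DHCPACK on 192.168.0.78 via br0",
]

if __name__ == "__main__":
    for (sid, rules_file, msg), n in summarise(SAMPLE):
        print("%d alerts  sid=%d  file=%s  %s" % (n, sid, rules_file, msg))
```
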