Welcome, Guest. Please login or register.
Did you miss your activation email?
Tuesday 19 November 2024, 04:42:38 pm

Login with username, password and session length

Get the new Updates directly from Endian  HERE
14258 Posts in 4377 Topics by 6515 Members
Latest Member: hulteends
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  General Support
| | |-+  Endian IDS blocking Dropbox - how do I allow?
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Endian IDS blocking Dropbox - how do I allow?  (Read 13295 times)
NickReplay
Jr. Member
*
Offline Offline

Posts: 4


« on: Tuesday 27 August 2013, 03:53:44 am »

Hi,

Endian IDS is blocking Dropbox syncs/updates - how do I modify rules in order to allow this?

I'm thinking I need to set up Source NAT rules but I'm unsure how (I may be wrong too!)

Here is an example of an intrusion log:

snort[5026]: [1:2012647:3] ET POLICY Dropbox.com Offsite File Backup in Use [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.168.0.78:57723 -> 108.160.163.50:80


Any help appreciated  Cool

Nick
Logged
NickReplay
Jr. Member
*
Offline Offline

Posts: 4


« Reply #1 on: Tuesday 27 August 2013, 06:35:04 pm »

ok so I realise now that the syncs are happening it's just they are being detected by Snort - could someone help me create a custom rule for Dropbox pls  Grin
Logged
Ricard
Full Member
***
Offline Offline

Posts: 11


« Reply #2 on: Wednesday 04 September 2013, 01:08:52 pm »


just read the alert description to know the number and type:  ...2012647....  ET POLICY .

Then:

- go to Services -> Intrusion Prevention
- edit "auto/emerging-policy.rules"
- see the rule numbers are ascendant. Go until 2012647:   "ET POLICY Dropbox.com Offsite File Backup in Use"
- unmark. Apply, and save.

that's all.

Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.063 seconds with 18 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com