Hi everyone.
I'm a software developer but I had never explored the networking side until recently. I have built myself a pfSense box with an HP T610 thin client. I have configured everything thanks to the Lawrence Systems videos on Facebook.
I have installed Snort because it is more user-friendly than Suricata and to save time on setting up.
Again, everything is working fine. So far I have had almost no false positives, with one exception: Snort keeps on blocking YouTube.
I have found exactly which rule blocks it. However, I can't simply add the blocked IP to the suppress list, since it ends up being blocked again after about 5 minutes from another IP. I'm guessing it's the ads that probably come from a different IP and create the block. I had about 10 IPs in the suppress list before I decided to come here.
All IPs get blocked due to the "(portscan) UDP Filtered Portscan" rule, but I want to know if there's an alternative to either removing the rule or spending weeks suppressing tons of IPs.