[Oisf-users] Unblock whatsapp

James Moe jimoe at sohnen-moe.com
Wed Jan 15 19:42:07 UTC 2020

On 2020-01-15 5:23 AM, Владислав Дубов wrote:

  I am not convinced that Suricata is the cause here, rather a symptom. There
may be resource constraints that are aggravated by Suricata running in the host.
  The log shows something messy starting at 10:56:07 from IP,
about when your Whatsapp failure starts. That IP does not resolve to anything here.

> Today this behavior occurred again.  Whatsapp stopped working at around 11AM+3:00.
  Here, Whatsapp shows IP addresses and Neither of
those appear in your log, not even the first octet.
  What is the IP for Whatsapp at your location?

  The log shows only alerts; there are no dropped packets.

  Try this: disable the Suricata rules. In disable.conf add:
# Disable all SURICATA rules

  and restart Suricata.

> Yesterday, when we stopped Suricata, Whatsapp restored
> connection after some time.
  If the alert log was not rotated, suricata was stopped at 00:38:49?
  And when did Whatsapp reconnect?

  Execute this command at the router, post result:
$ sudo iptables -nvL INPUT -w 3 | head -7

James Moe
moe dot james at sohnen-moe dot com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20200115/37295d7b/attachment.sig>

More information about the Oisf-users mailing list