[Oisf-users] Unblock whatsapp
James Moe
jimoe at sohnen-moe.com
Wed Jan 15 19:42:07 UTC 2020
On 2020-01-15 5:23 AM, Владислав Дубов wrote:
I am not convinced that Suricata is the cause here, rather a symptom. There
may be resource constraints that are aggravated by Suricata running in the host.
The log shows something messy starting at 10:56:07 from IP 195.68.154.66,
about when your Whatsapp failure starts. That IP does not resolve to anything here.
> Today this behavior occurred again. Whatsapp stopped working at around 11AM+3:00.
>
Here, Whatsapp shows IP addresses 169.55.60.148 and 108.168.254.65. Neither of
those appear in your log, not even the first octet.
What is the IP for Whatsapp at your location?
The log shows only alerts; there are no dropped packets.
Try this: disable the Suricata rules. In disable.conf add:
# Disable all SURICATA rules
re:SURICATA
and restart Suricata.
> Yesterday, when we stopped Suricata, Whatsapp restored
> connection after some time.
>
If the alert log was not rotated, suricata was stopped at 00:38:49?
And when did Whatsapp reconnect?
Execute this command at the router, post result:
$ sudo iptables -nvL INPUT -w 3 | head -7
--
James Moe
moe dot james at sohnen-moe dot com
520.743.3936
Think.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20200115/37295d7b/attachment.sig>
More information about the Oisf-users
mailing list