[Oisf-users] Fwd: Unblock whatsapp
Владислав Дубов
vladislav.dubov at gmail.com
Wed Jan 15 20:22:10 UTC 2020
My notebook's local IP address was 192.168.33.217. I use the Whatsapp web
version via Chrome.
---------- Forwarded message ---------
От: Владислав Дубов <vladislav.dubov at gmail.com>
Date: ср, 15 янв. 2020 г. в 23:15
Subject: Fwd: [Oisf-users] Unblock whatsapp
To: <oisf-users at lists.openinfosecfoundation.org>
Thank you. 195.68.154.66 is our pfSense router, which hosts Suricata and
connects our LAN to the outside WAN.
When the 'messy' things start, I cannot even open the Whatsapp home page in
my browser. I tried that yesterday because I initially thought that the
problem was to do with the Whatsapp web version.
I am going to send you today's log tomorrow morning after I get it from my
sysadmin. I will also provide my machine's local IP address.
Thanks again,
Vladislav Dubov
---------- Forwarded message ---------
От: James Moe <jimoe at sohnen-moe.com>
Date: ср, 15 янв. 2020 г. в 22:42
Subject: Re: [Oisf-users] Unblock whatsapp
To: oisf-users at lists.openinfosecfoundation.org <
oisf-users at lists.openinfosecfoundation.org>
On 2020-01-15 5:23 AM, Владислав Дубов wrote:
I am not convinced that Suricata is the cause here, rather a symptom.
There
may be resource constraints that are aggravated by Suricata running in the
host.
The log shows something messy starting at 10:56:07 from IP 195.68.154.66,
about when your Whatsapp failure starts. That IP does not resolve to
anything here.
> Today this behavior occurred again. Whatsapp stopped working at around
11AM+3:00.
>
Here, Whatsapp shows IP addresses 169.55.60.148 and 108.168.254.65.
Neither of
those appear in your log, not even the first octet.
What is the IP for Whatsapp at your location?
The log shows only alerts; there are no dropped packets.
Try this: disable the Suricata rules. In disable.conf add:
# Disable all SURICATA rules
re:SURICATA
and restart Suricata.
> Yesterday, when we stopped Suricata, Whatsapp restored
> connection after some time.
>
If the alert log was not rotated, suricata was stopped at 00:38:49?
And when did Whatsapp reconnect?
Execute this command at the router, post result:
$ sudo iptables -nvL INPUT -w 3 | head -7
--
James Moe
moe dot james at sohnen-moe dot com
520.743.3936
Think.
_______________________________________________
Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
Conference: https://suricon.net
Trainings: https://suricata-ids.org/training/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20200115/18c073bb/attachment.html>
-------------- next part --------------
-----BEGIN PGP SIGNATURE-----
iF0EARECAB0WIQQvyrQDoa26FpWNi7vNNyvw+urRkwUCXh9rDwAKCRDNNyvw+urR
k50+AJ9spbXvr7r47L5w0CJaTBwu/euRLQCfWxsUTPLEETNY2fgYAua+t2UQECc=
=8JzY
-----END PGP SIGNATURE-----
More information about the Oisf-users
mailing list