[Oisf-users] Fwd: Unblock whatsapp

Владислав Дубов vladislav.dubov at gmail.com
Wed Jan 15 20:22:10 UTC 2020

My notebook's local IP address was  I use the Whatsapp web
version via Chrome.

---------- Forwarded message ---------
От: Владислав Дубов <vladislav.dubov at gmail.com>
Date: ср, 15 янв. 2020 г. в 23:15
Subject: Fwd: [Oisf-users] Unblock whatsapp
To: <oisf-users at lists.openinfosecfoundation.org>

Thank you. is our pfSense router, which hosts Suricata and
connects our LAN to the outside WAN.

When the 'messy' things start, I cannot even open the Whatsapp home page in
my browser.  I tried that yesterday because I initially thought that the
problem was to do with the Whatsapp web version.

I am going to send you today's log tomorrow morning after I get it from my
sysadmin.  I will also provide my machine's local IP address.

Thanks again,

Vladislav Dubov

---------- Forwarded message ---------
От: James Moe <jimoe at sohnen-moe.com>
Date: ср, 15 янв. 2020 г. в 22:42
Subject: Re: [Oisf-users] Unblock whatsapp
To: oisf-users at lists.openinfosecfoundation.org <
oisf-users at lists.openinfosecfoundation.org>

On 2020-01-15 5:23 AM, Владислав Дубов wrote:

  I am not convinced that Suricata is the cause here, rather a symptom.
may be resource constraints that are aggravated by Suricata running in the
  The log shows something messy starting at 10:56:07 from IP,
about when your Whatsapp failure starts. That IP does not resolve to
anything here.

> Today this behavior occurred again.  Whatsapp stopped working at around
  Here, Whatsapp shows IP addresses and
Neither of
those appear in your log, not even the first octet.
  What is the IP for Whatsapp at your location?

  The log shows only alerts; there are no dropped packets.

  Try this: disable the Suricata rules. In disable.conf add:
# Disable all SURICATA rules

  and restart Suricata.

> Yesterday, when we stopped Suricata, Whatsapp restored
> connection after some time.
  If the alert log was not rotated, suricata was stopped at 00:38:49?
  And when did Whatsapp reconnect?

  Execute this command at the router, post result:
$ sudo iptables -nvL INPUT -w 3 | head -7

James Moe
moe dot james at sohnen-moe dot com

Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users

Conference: https://suricon.net
Trainings: https://suricata-ids.org/training/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20200115/18c073bb/attachment.html>
-------------- next part --------------


More information about the Oisf-users mailing list