Dougga Feb 20, 2014 @ 1:40pm
Snort rules and Steam Client
I'm using a SNORT-based Intrusion Detection System and I'm finding that it is the source of some indigestion when trying to get Steam to work.


A quick glance at my own logs suggests the following rules need to be turned off or switched to alert vs. block:

29465 - FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt
29466 - FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt
There are other complaints on other sites suggesting these rules are blocking lots of things due to false positives.

49759 - FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt
24397 - APP-DETECT Steam game URI handler

Yes, there are Snort rules that are intentionally blocking Steam games as a matter of Potential Corporate Privacy Violation. Clearly, we need to turn these off in order to play.

Finally, my IPS blocked traffic based on "SYN flood detected" so an exception for the machine(s) running the Steam client is in order.

Hope this helps someone.
Date Posted: Feb 20, 2014 @ 1:40pm
Replies: 0
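The log review described in the post above can be scripted. This is an added example, not part of the original post: it tallies which rules fired for one host and prints candidate host-scoped `suppress` entries for review, so a rule is not disabled for the whole network. It assumes Snort's "fast" alert format and Snort 2.x `suppress` syntax; the address 192.0.2.50 and the function names are placeholders.

```python
import re
from collections import Counter

# Constructed sample in Snort's "fast" alert format (not real logs): addresses,
# timestamps, revisions and classifications are made up; SIDs and messages are
# the ones listed in the post. 192.0.2.50 stands in for the Steam client machine.
SAMPLE_LOG = """\
02/20-13:31:02.104233  [Drop] [**] [1:29465:1] FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt [**] [Classification: Misc activity] [Priority: 1] {TCP} 198.51.100.7:80 -> 192.0.2.50:50112
02/20-13:31:02.991000  [Drop] [**] [1:29465:1] FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt [**] [Classification: Misc activity] [Priority: 1] {TCP} 198.51.100.7:80 -> 192.0.2.50:50113
02/20-13:31:05.220100  [Drop] [**] [1:29466:1] FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt [**] [Classification: Misc activity] [Priority: 1] {TCP} 198.51.100.7:80 -> 192.0.2.50:50114
02/20-13:32:40.000512  [Drop] [**] [1:24397:1] APP-DETECT Steam game URI handler [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.0.2.50:50120 -> 198.51.100.9:80
02/20-13:33:10.700000  [Drop] [**] [1:29465:1] FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt [**] [Classification: Misc activity] [Priority: 1] {TCP} 198.51.100.7:80 -> 192.0.2.99:50200
"""

# [**] [gid:sid:rev] message [**] ... {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):\d+\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{\w+\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)"
)

def rules_hitting_host(log_text, host):
    """Return (gid, sid, track, count) for alerts where host is source or destination."""
    hits = Counter()
    for line in log_text.splitlines():
        m = ALERT_RE.search(line)
        if not m or host not in (m["src"], m["dst"]):
            continue  # unparsable line, or an alert for some other machine
        track = "by_src" if m["src"] == host else "by_dst"
        hits[(int(m["gid"]), int(m["sid"]), track)] += 1
    return [(g, s, t, n) for (g, s, t), n in hits.most_common()]

def suppress_lines(rows, host):
    """Format rows as Snort 2.x suppress entries limited to the one host."""
    return [f"suppress gen_id {g}, sig_id {s}, track {t}, ip {host}"
            for g, s, t, _ in rows]

if __name__ == "__main__":
    rows = rules_hitting_host(SAMPLE_LOG, "192.0.2.50")
    for row, line in zip(rows, suppress_lines(rows, "192.0.2.50")):
        print(f"{row[3]:>3} hit(s)  {line}")
```

Check how your sensor treats suppressed rules when it is in blocking mode before relying on these entries.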