1
21.7 Legacy Series / Re: Interfaces randomly go down/unroutable
« on: December 20, 2021, 05:17:19 pm »
21.7.7 running stable for me too. Suricata enabled once again on LAN and DMZ, no VLANS being used.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
21.7 Legacy Series / Re: Interfaces randomly go down/unroutable
« on: December 08, 2021, 12:39:17 pm »
I have experienced similar issue as some here. LAN interface is not reachable. Has happened with Suricata turned on and enabled on DMZ and LAN interface. I was able to reach DMZ side, not LAN. Turning off Suricata has kept my firewall working.
3
20.1 Legacy Series / Re: Constant DNS request from firewall
« on: May 02, 2020, 03:00:44 pm »
Problem solved. Found the device using tcpdump. Corrected the problem and dns requests stopped. Thank you.
4
20.1 Legacy Series / Constant DNS request from firewall
« on: May 02, 2020, 07:40:00 am »
I am noticing that my firewall keeps sending dns request to 1.1.1.1:53. The domain it keeps sending is config.amcrestcloud.com. This is probably from my cameras originally. But to test out things I disabled all amcrest cameras and the dns keeps going, every few seconds and does not stop.
__timestamp__ May 2 01:38:11
action [pass]
anchorname
datalen 49
dir [out]
dst 1.1.1.1 [one.one.one.one]
dstport 53
ecn
id 51000
interface bge1
ipflags DF
label let out anything from firewall host itself (force gw)
length 69
offset 0
proto 17
protoname udp
reason match
rid b982490a613ebfd2d24f6162e719143b
ridentifier 0
rulenr 83
src MY FIREWALL
srcport 45417
subrulenr
tos 0x0
ttl 63
version 4
Any suggestions? Rebooted a few times. I attached a ntopng screenshot. I can see the DNS request also on here.
__timestamp__ May 2 01:38:11
action [pass]
anchorname
datalen 49
dir [out]
dst 1.1.1.1 [one.one.one.one]
dstport 53
ecn
id 51000
interface bge1
ipflags DF
label let out anything from firewall host itself (force gw)
length 69
offset 0
proto 17
protoname udp
reason match
rid b982490a613ebfd2d24f6162e719143b
ridentifier 0
rulenr 83
src MY FIREWALL
srcport 45417
subrulenr
tos 0x0
ttl 63
version 4
Any suggestions? Rebooted a few times. I attached a ntopng screenshot. I can see the DNS request also on here.
5
General Discussion / Nextcloud Server, Am I protected Enough?
« on: April 30, 2020, 09:14:54 pm »
Wanted some feedback on my cloud setup. Hosting my own Nextcloud server on a DMZ and want to be sure I am 99% protected for intrusions.
Nextcloud is on DMZ, Port forward only 443. Couldn't get NGINX or HAPROXY working. So Using Cloudflare WAF. My firewall has IDS with Telemetry rules enabled to block. Port Forward and Firewall only allows Cloudflare IP's to access my Nextcloud over SSL. Turned on most security protection available on Cloudflare. GEOIP only allows USA
Am I good or should I tweak something with my setup?
Nextcloud is on DMZ, Port forward only 443. Couldn't get NGINX or HAPROXY working. So Using Cloudflare WAF. My firewall has IDS with Telemetry rules enabled to block. Port Forward and Firewall only allows Cloudflare IP's to access my Nextcloud over SSL. Turned on most security protection available on Cloudflare. GEOIP only allows USA
Am I good or should I tweak something with my setup?
6
General Discussion / Re: Recommendation for analysing the Firewall Logs
« on: April 30, 2020, 09:08:44 pm »
I have been using papertrail. Seems easy and I can get away with free version. Also allows me to get email alerts when IPS blocks something.
7
Intrusion Detection and Prevention / Re: Test IPS functional
« on: November 30, 2017, 05:51:56 pm »
It downloads because my local virus scanner finds it on desktop. So it's passing firewall.
8
Intrusion Detection and Prevention / Re: Test IPS functional
« on: November 30, 2017, 05:16:55 pm »
That worked. Blocked. So why is the exploit rules for CVE-2014-6332 not blocking when they are enabled?
9
Intrusion Detection and Prevention / Re: Test IPS functional
« on: November 30, 2017, 02:28:21 pm »
I have tried http://www.wicar.org/test-malware.html and tested CVE-2014-6332. These rules are enabled under emerging-exploit.rules and I do not see the alerts at all.
10
Intrusion Detection and Prevention / Test IPS functional
« on: November 30, 2017, 01:56:20 pm »
I have been running IPS inline. Recently added the snort VRT rules. How do you guys test to see if the IPS is blocking rules? I do not see anything in my alerts except the country blocking rules I have setup.
11
General Discussion / Re: OpenVPN Road Warrior Route All Traffic To VPN
« on: November 23, 2016, 01:39:17 pm »
Great. Thank you for replying.
12
General Discussion / OpenVPN Road Warrior Route All Traffic To VPN
« on: November 22, 2016, 08:33:12 pm »
I have OpenVPN setup for my laptop and mobile phone. How can I have all the clients traffic routed to VPN. Not just the resources it needs.
13
16.7 Legacy Series / Re: IPS Question
« on: November 02, 2016, 05:19:02 pm »
Ok thank you.
Would you happen to know if it's possible to skip IPS scanning on certain ports or ip address? Bypass feature?
Would you happen to know if it's possible to skip IPS scanning on certain ports or ip address? Bypass feature?
14
16.7 Legacy Series / IPS Question
« on: November 01, 2016, 01:29:44 pm »
Can someone point me to more info on the Pattern Match option for IPS? I am aware Hyperscan is by Intel and supposed to be the new and fastest option. Just wanted to have more info on the three. Thanks.
What does each do exactly? and is Hyperscan supported on old Xeon Processor?
Default -
Aho-Corasick -
Hyperscan -
What does each do exactly? and is Hyperscan supported on old Xeon Processor?
Default -
Aho-Corasick -
Hyperscan -
Pages: [1]