
Messages - carrot

1
Intrusion Detection and Prevention / Re: OPNsense IPS syslog triggers IPS
« on: June 27, 2022, 02:44:11 pm »
I've had to add a pass rule from the IPS internal interface to my syslog receiver because of this. 

2
Intrusion Detection and Prevention / Suricata IPS silently blocking Quickbooks Online invites
« on: April 21, 2022, 07:50:13 pm »
Hi

I have found that Suricata IPS silently inhibits / blocks the load of the captcha that loads when trying to accept a Quickbooks online invite. 

Works fine when IPS off (IDS only).

I managed to narrow it down to something in the ET telemetry/emerging-coinminer ruleset.  Everything works fine if I leave that ruleset as alert only (by excluding it from my convert to drop policy). 

Issue exists on 22.1.5-amd64 and at least a couple of other versions, but I didn't record those at the time before updating, sorry.

No real complaint here / not asking for a fix, successfully worked around, more just posting for reference in case someone else is facing the same frustration. 

3
General Discussion / Net-SNMP Layer 3 visibility
« on: June 29, 2021, 05:29:40 pm »
Hi folks

I'm trying to find a good explanation for the "Layer 3 visibility" switch in Net-SNMP.  What does this actually do?  I understand network layers, just not sure exactly how this applies here. 

Thanks


4
21.1 Legacy Series / Re: Thanks for the new traffic graphs
« on: April 16, 2021, 08:21:13 pm »
Ntopng is great, but also over the top for just identifying the internal IP of a current connection. 

The sortable table in 20.7 was perfect for that.

So maybe what I think is missing is the ability to sort / exclude on the top talkers table. 

5
21.1 Legacy Series / Re: Thanks for the new traffic graphs
« on: April 13, 2021, 02:12:38 pm »
I'm having a hard time with them, to be honest.  If the Top Talker happens to be a WAN IP because it's common (Windows, Office365 updates), I'm having a really hard time identifying the internal IP of the offender.

6
Intrusion Detection and Prevention / Re: Help setting up Intrusion Detection Policy
« on: April 08, 2021, 02:45:00 pm »
I think you're right about the IPS matching before FW in traffic flow, but that's where putting the IPS in the internal interfaces makes more sense.  Then you are only IPSing traffic that is NATed from WAN to LAN.  Otherwise you're IPSing stuff that would be blocked by the implicit block at your WAN anyway. 

7
General Discussion / Re: Using API to perform Major Update / Upgrade
« on: February 04, 2021, 05:41:47 pm »
Here is the PowerShell version (including ignoring SSL error).

Code:
# Compile a certificate policy that accepts every server certificate.
# This turns off TLS certificate validation for the whole PowerShell process.
add-type @"
    using System.Net;
    using System.Security.Cryptography.X509Certificates;
    public class TrustAllCertsPolicy : ICertificatePolicy {
        public bool CheckValidationResult(
            ServicePoint srvPoint, X509Certificate certificate,
            WebRequest request, int certificateProblem) {
            return true;
        }
    }
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy

# OPNsense API key and secret (placeholders)
$user = 'APIKEY'
$pass = 'APISECRET'

# Build the HTTP Basic Authorization header: base64("key:secret")
$pair = "$($user):$($pass)"

$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))

$basicAuthValue = "Basic $encodedCreds"

$Headers = @{
    Authorization = $basicAuthValue
}

# Firmware upgrade endpoint; the body {"upgrade":"maj"} requests the major upgrade
$URL = "https://IPOFROUTER/api/core/firmware/upgrade"
Invoke-WebRequest -uri $url -method post -Headers $Headers -Body '{"upgrade":"maj"}' -ContentType "application/json"
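
A hardened form of the script in post 7, as an added example that is not carrot's code or part of the OPNsense project: instead of accepting every certificate, it accepts only the certificate whose SHA-256 fingerprint was recorded out of band, so the API key and secret are sent only to that firewall. It assumes Windows PowerShell 5.1, where `ServicePointManager` governs `Invoke-WebRequest`; the class name `PinnedCertPolicy` and the fingerprint value are placeholders introduced here.

```powershell
# Added example: pin the firewall's certificate rather than trusting all certificates.
# Assumptions: Windows PowerShell 5.1 (.NET Framework); PinnedCertPolicy is a
# hypothetical class name; fingerprint, key, secret and host are placeholders.
Add-Type @"
    using System;
    using System.Net;
    using System.Security.Cryptography;
    using System.Security.Cryptography.X509Certificates;
    public class PinnedCertPolicy : ICertificatePolicy {
        private readonly string pin;
        public PinnedCertPolicy(string sha256Hex) {
            // Normalise "AA:BB:..." or "aa bb ..." to bare upper-case hex.
            pin = sha256Hex.Replace(":", "").Replace(" ", "").ToUpperInvariant();
        }
        public bool CheckValidationResult(
            ServicePoint srvPoint, X509Certificate certificate,
            WebRequest request, int certificateProblem) {
            if (certificate == null) { return false; }
            using (SHA256 sha = SHA256.Create()) {
                byte[] digest = sha.ComputeHash(certificate.GetRawCertData());
                string seen = BitConverter.ToString(digest).Replace("-", "");
                // Accept only the certificate whose fingerprint matches the pin.
                return string.Equals(seen, pin, StringComparison.Ordinal);
            }
        }
    }
"@

# SHA-256 fingerprint of the firewall's web GUI certificate (placeholder value,
# read from the firewall itself over a trusted path, not from this connection).
$pin = 'REPLACE_WITH_SHA256_FINGERPRINT_OF_ROUTER_CERT'
[System.Net.ServicePointManager]::CertificatePolicy = New-Object PinnedCertPolicy -ArgumentList $pin

# Same Basic authentication header and request as the original script.
$pair    = 'APIKEY:APISECRET'
$encoded = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))
$Headers = @{ Authorization = "Basic $encoded" }

$URL = 'https://IPOFROUTER/api/core/firmware/upgrade'
# A certificate that does not match the pin makes the TLS handshake fail,
# so the request is aborted before the Authorization header is sent.
Invoke-WebRequest -Uri $URL -Method Post -Headers $Headers -Body '{"upgrade":"maj"}' -ContentType 'application/json'
```

The pin has to be updated whenever the firewall's web GUI certificate is renewed or replaced.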

8
20.1 Legacy Series / Re: Scheduled Upgrade?
« on: February 04, 2021, 01:39:19 pm »
Good morning all,

Is there a way to make it force major risky via the API?

thanks


9
General Discussion / Re: Using API to perform Major Update / Upgrade
« on: January 07, 2021, 04:43:29 pm »
I found the answer to make it go via cmd:
sudo --user=nobody  /usr/local/sbin/configctl firmware auto-update ALLOW_RISKY_MAJOR_UPGRADE


10
General Discussion / Using API to perform Major Update / Upgrade
« on: January 07, 2021, 03:34:38 pm »
Hi everyone

I'm struggling to find a way to perform a Major update (e.g. from 19.1 to 19.7) using the API.  Is there anyone who has successfully done this using the API or other programmatic method?

11
Development and Code Review / Re: PowerShell Module for OPNsense api
« on: January 06, 2021, 08:15:17 pm »
Amazing module, thank you fvanroie!

I'm having a hard time figuring out how to execute a major update / upgrade though.  Anyone had any success here?

12
General Discussion / Re: Reporting > Health > Quality - how do I interpret "Loss" metric?
« on: May 02, 2019, 04:39:29 pm »
Great.  Thanks Franco, I really appreciate the explanation.

13
General Discussion / Reporting > Health > Quality - how do I interpret "Loss" metric?
« on: May 01, 2019, 07:41:34 pm »
Hi Everyone

I'm on 19.1.6 and all seems good.

Looking into quality monitoring due to an issue I have.  I'm having a hard time figuring out what the "Loss" metric means when I am looking at my graph under Reporting > Health > Quality.

"Delay" makes sense.  I interpret that as delay in ms of traffic.

"Loss" is represented as m as well, e.g. 110m.  What does that actually mean?

thanks

Carrot
