Intrusion Detection and Prevention / Re: Suricata Intrusion Detection doesn't block all Malware using the abuse.ch
« on: May 02, 2019, 07:18:33 pm »
Hey guys, is this still an issue for you? I was experiencing the same symptoms when trying a test of Suricata using the first example you posted, "http://ajansred.com/audio/image.ico", and not seeing a block or even a log entry, so I ended up removing my Snort plug for the svt rules and my oink code from Suricata along with the Snort detections, and when I tried the test again it was blocked in Suricata as expected. I have been back and forth from pfSense to OPNsense, and even though I really like OPNsense more, I need a solid and reliable intrusion detection system and one I fully trust.
I plan on turning the Snort plugin back on and adding back the Snort rules to see if Suricata still works.
Thanks. Doug