Messages

I've had to add a pass rule from the IPS internal interface to my syslog receiver because of this. 

Hi

I have found that Suricata IPS silently inhibits / blocks the load of the captcha that loads when trying to accept a Quickbooks online invite. 

works fine when IPS off (IDS only).

I managed to narrow it down to something in the ET telemetry/emerging-coinminer ruleset.  Everything works fine if I leave that ruleset as alert only (by excluding it from my convert to drop policy). 

Issue exists on 22.1.5-amd64 and at least a couple of other versions but I didnt record those at the time before updating sorry. 

No real complaint here / not asking for a fix, successfully worked around, more just posting for reference in case someone else is facing the same frustration. 

Hi folks

I'm trying to find a good explanation for the "Layer 3 visibility" switch in Net-SNMP.  What does this actually do?  I understand network layers, just not sure exactly how this applies here. 

Thanks

Ntopng is great, but also over the top for just identifying the internal IP of a current connection. 

the sortable table in 20.7 was perfect for that. 

So maybe what I think is missing is the ability to sort / exclude on the top talkers table. 

I'm having a hard time with them, to be honest.  If the Top Talker happens to be a WAN IP because it's common (Windows, Office365 updates), I'm having a really hard time identifying the internal IP of the offender.

I think you're right about the IPS matching before FW in traffic flow, but that's where putting the IPS in the internal interfaces makes more sense.  Then you are only IPSing traffic that is NATed from WAN to LAN.  Otherwise you're IPSing stuff that would be blocked by the implicit block at your WAN anyway. 

Here is the Powershell version (including ignoring ssl error)

Code Select Expand

add-type @"
    using System.Net;
    using System.Security.Cryptography.X509Certificates;
    public class TrustAllCertsPolicy : ICertificatePolicy {
        public bool CheckValidationResult(
            ServicePoint srvPoint, X509Certificate certificate,
            WebRequest request, int certificateProblem) {
            return true;
        }
    }
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy

$user = 'APIKEY'
$pass = 'APISECRET'

$pair = "$($user):$($pass)"

$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))

$basicAuthValue = "Basic $encodedCreds"

$Headers = @{
    Authorization = $basicAuthValue
}

$URL = "https://IPOFROUTER/api/core/firmware/upgrade"
Invoke-WebRequest -uri $url -method post -Headers $Headers -Body '{"upgrade":"maj"}' -ContentType "application/json"

Good morning all,

Is there a way to make it force major risky via the API?

thanks

I found the answer to make it go via cmd:
sudo --user=nobody  /usr/local/sbin/configctl firmware auto-update ALLOW_RISKY_MAJOR_UPGRADE

Hi everyone

I'm struggling to find a way to perform a Major update (e.g. from 19.1 to 19.7) using the API.  Is there anyone who has successfully done this using the API or other programmatic method?

Amazing module, thank you fvanroie!

I'm having a hard time figuring out how to execute a major update / upgrade though.  anyone had any success here?

Great.  Thanks Franco, I really appreciate the explanantion.

Hi Everyone

I'm on 19.1.6 and all seems good.

looking into quality monitoring due to an issue I have.  I'm having a hard time figuring out what the "Loss" metric means when I am looking at my graph under Reporting > Health > Quality. 

"Delay" makes sense.  I interpret that as delay in ms of traffic.

"Loss" is represented as m as well, e.g. 110m.  what does that actually mean?

thanks

Carrot