77
17.1 Legacy Series / Re: Suricata - Working or not.
« on: April 15, 2017, 02:22:26 pm »
I agree. It has never worked for me but it works on pfsense.
If I use pfsense with suricata and ET rules I trigger rules all day and night.
If I use ipfire with snort and ET rules, the same rules trigger all day and night.
I get literally nothing in OPNsense, except the built in annoying suricata rules.
A friend of mine has the same results on totally different hardware.
78
17.1 Legacy Series / Re: OPNsense install from a USB key
« on: April 08, 2017, 05:14:48 pm »
Try physdiskwrite. All the others failed for me but it worked great.
79
17.1 Legacy Series / Re: 17.1.2 - Still have IDPS issues
« on: April 05, 2017, 03:38:51 am »
Yeah I get a bunch of the suricata alerts but no ET alerts.
80
17.1 Legacy Series / Re: Suricata - Working or not.
« on: April 05, 2017, 12:58:07 am »
I manually added the line to the file like in the bug fix and it didn't change anything for me. I don't fully understand what this line is supposed to fix.
81
17.1 Legacy Series / Re: OPNsense install from a USB key
« on: April 05, 2017, 12:51:42 am »
I have yet to have physdiskwrite fail.
If you have tried Rufus, unetbootin etc... or even win32diskwrite without success, try physdiskwrite.
82
17.1 Legacy Series / Re: OPNsense install from a USB key
« on: April 04, 2017, 08:44:09 pm »
Use physdiskwrite
83
17.1 Legacy Series / Re: Suricata - Working or not.
« on: April 04, 2017, 04:35:30 am »
franco, is this related to the issue I have with suricata not showing any alerts for ET rules?
84
17.1 Legacy Series / Re: Suricata - Working or not.
« on: April 02, 2017, 10:36:17 pm »
I and a friend also get no triggered alerts in suricata but do when using suricata and snort on other firewalls like pfsense and ipfire.
I've worked with Franco a bit to try and identify a problem but couldn't.
I can force two rules to trigger but that's it. If I enable the opnsense test rules and go to a site that tries to violate the rule it triggers. If I enable the chat ET rule and connect to freenode irc it triggers and blocks as well.
When I had pfsense and ipfire installed I had ET rules triggered all day and night every day. Mostly drop, dshield, scan and compromised rules.
I get nothing in opnsense. Very confusing and frustrating. I hope someday it works.
85
17.1 Legacy Series / Re: USB Installer - No Option to Install
« on: March 28, 2017, 10:22:55 pm »
Physdiskwrite has yet to fail me creating a bootable USB stick for opnsense.
86
17.1 Legacy Series / Re: 17.1.2 new re driver + suricata = kernel panic
« on: March 18, 2017, 07:02:05 pm »
I'm using the new driver on a Zotac Ri531 and it doesn't crash the OS with suricata on.
I have trouble with ET rules but not a kernel panic.
87
17.1 Legacy Series / Re: POLL: IPS
« on: March 17, 2017, 12:16:38 pm »
I can do that but it isn't easy to keep switching firewalls ya know? Maybe I can do it this weekend.
88
17.1 Legacy Series / Re: POLL: IPS
« on: March 17, 2017, 03:33:16 am »
I wonder if I'm noticing that the majority of ET rules are not working because I have used multiple firewalls with ET rules all in a short period of time and know what to expect because of the results being identical in both of the other firewalls.
Others may not have exposure to other software using ET and just don't realize that they are not working right.
If I hadn't used pfsense and ipfire with ET I would just think opnsense isn't seeing anything that matches ET rules and that everything was normal.
Just a thought but I'm still convinced that something is wrong regarding ET rules/suricata in opnsense and I'd love to figure out what it is and get it resolved.
89
17.1 Legacy Series / Re: POLL: IPS
« on: March 10, 2017, 03:32:06 am »
Exciting news Franco!
I had an ET rule trigger and block.
I was using IRC in the opnsense channel and I thought to myself, why not turn on the ET chat rule and see what happens.
The second I turned the rule on it triggered and dropped my irc connection.
It then proceeded to trigger other irc related alerts and blocks.
That is great! I still don't understand why no other ET rules show up but this is good news.
90
17.1 Legacy Series / Re: POLL: IPS
« on: March 10, 2017, 03:05:30 am »
Is there any way to see in realtime what suricata is blocking or what rules are triggered in a log file?
The suricata.log file doesn't show me any detail like that.