Messages

76

Intrusion Detection and Prevention / Re: Suricata prevents Battle.net login - no drops or alerts logged

« on: August 31, 2020, 11:00:54 am »

All rules regarding battle.net and for ex. warcraft are disabled in "Rules" overview?

77

Intrusion Detection and Prevention / Re: Send IPS alerts by e-mail

« on: August 23, 2020, 02:57:35 pm »

I agree if running IDS, but I'm running IPS. I want to block malicous traffic to my exposed systems.

I don't need notifications for any DShield blocks so I check that manually from day to day.

78

Intrusion Detection and Prevention / Re: Home network in IDS/IPS

« on: August 23, 2020, 02:55:17 pm »

Yes as long your ip range is within RFC1918 according to the description.

79

Intrusion Detection and Prevention / Re: Home network in IDS/IPS

« on: August 23, 2020, 12:43:05 pm »

Define custom home networks, when different than an RFC1918 network. In some cases, people tend to enable IDPS on a wan interface behind NAT (Network Address Translation), in which case Suricata would only see translated addresses in stead of internal ones. Using this option, you can define which addresses Suricata should consider local

https://docs.opnsense.org/manual/ips.html?highlight=suricata#advanced-options

80

Intrusion Detection and Prevention / Re: Send IPS alerts by e-mail

« on: August 23, 2020, 12:06:44 am »

Yes, but I find this more annoying than helpful.

81

Intrusion Detection and Prevention / Re: Error reconfiguring IDS: Error (1) / Hyperscan: Error installing ids rules (1)

« on: August 23, 2020, 12:06:24 am »

I am running an Intel 210 and i350 NICs and am getting the error in 20.7.

These are network cards, Hyperscan is CPU related.

@opnrules
Hardware specs?

82

Intrusion Detection and Prevention / Re: IDS/IPS new settings

« on: August 04, 2020, 10:39:51 am »

This will be fixed in next version:
https://github.com/opnsense/core/commit/6dbd1d4abc9e64baa8f919c5bfb02ffc261512bb


You can also patch via CLI:
opnsense-patch 6dbd1d4

Thx, I would be more happy to disable stats.log, as its writing to disk every 8 seconds.

83

Intrusion Detection and Prevention / Re: IDS/IPS new settings

« on: August 03, 2020, 10:00:15 pm »

Yeah I implemented that new settings. It allows you to use more memory to group large sets of rules.

I noticed the same thing, it now shows stats log, so I disabled this to get back the normal log.

https://forum.opnsense.org/index.php?topic=18288.0

84

20.7 Legacy Series / Re: Suricata - Engine?

« on: August 03, 2020, 04:45:30 pm »

What happens when you set it to "ac"?

No intel processor?

85

Intrusion Detection and Prevention / Stats.log

« on: July 28, 2020, 09:36:34 pm »

Hello,
I found out, not sure if this is new with 20.7.r_13, that IDS only shows the stats.log under LogFile. This seems to be pretty useless and I'm sure that it was the sucricata.log once in a while.

Can anyone confirm this behavior?

Code: [Select]

OPNsense 20.7.r_13-amd64
FreeBSD 12.1-RELEASE-p7-HBSD
LibreSSL 3.0.2
suricata.log is placed /var/log/
all other logs are placed /ar/log/suricata/

86

20.7 Legacy Series / Re: 20.7-r1

« on: July 28, 2020, 09:18:41 pm »

Actually not quite sure, but does IDS now show the stats.log under Log File or is my config f*** up?

87

20.7 Legacy Series / Re: 20.7-r1

« on: July 28, 2020, 02:05:08 pm »

I had my OPNSense in a reboot loop. Pulled the power cable and then it was booting normal.

However I experience a lot less system load. Was 0.4-0.6 before, now its 0.2-0.3

88

General Discussion / Re: GPS huge offset

« on: July 07, 2020, 02:53:31 pm »

Can anyone help me with that?

Attached the GPS Module with PPS signal via Serial Port.

FudgeTime2 = 0

Still 24 Seconds offset.

Reading from serial port directly shows correct time that I receive from PTB NTP.

Cheers

89

General Discussion / GPS huge offset

« on: May 28, 2020, 12:27:17 am »

Hello,
I've setup a u-blox GPS Module. Using it via u-center and or checking console output via:

Code: [Select]

cat gpsinit | cu -s 9600 -l /dev/gps0
Shows me the correct timing:

Code: [Select]

$GNZDA,221311.00,27,05,2020,00,00*7A
Setting it up via the Interface and checking the status shows an offset of ~330 seconds and marks the GPS Module as falseticker.

What am I doing wrong? Using default settings.

90

Intrusion Detection and Prevention / Suricata locksup igb1

« on: May 20, 2020, 09:45:00 pm »

Hello,
I've a Qotom with 4 x Intel i211AT.

Pretty every reboot Suricata locksup igb1 (LAN). Suricata is listening on WAN (PPPoE - igb0) and LAN (igb1).

I'm only able to access OPNSense via Wireguard VPN of my Phone. After 4-5 restarts of suricata is working again.

What am I doing wrong? Can someone confirm this issue?

Cheers