Messages - Supermule

151
Intrusion Detection and Prevention / Reverse lookup of the blocked IP's
« on: March 30, 2020, 05:41:57 pm »
Hi

Is there a way to look up the blocked IP in Suricata??

152
Intrusion Detection and Prevention / Change logs to more than 7 items?
« on: March 30, 2020, 05:41:18 pm »
Hi

Can one change the default setting and how?


153
Intrusion Detection and Prevention / Re: IPS not working
« on: March 30, 2020, 05:17:14 pm »
Thank you :)

Reading as we speak...

154
Intrusion Detection and Prevention / Re: IPS not working
« on: March 30, 2020, 04:56:44 pm »
Why??

Is Suricata not supposed to be an IDS and therefore intrusion aware? Alerts for what is found to be trying to get in?

And LAN supposed to be what comes from the inside and derived from servers and workstations??

155
Intrusion Detection and Prevention / Re: IPS not working
« on: March 30, 2020, 04:48:36 pm »
It triggers nothing.


156
Intrusion Detection and Prevention / Re: IPS not working
« on: March 30, 2020, 04:17:09 pm »
As of now I have no idea what Suricata is doing and what it finds...

And I can't control what is allowed and what's not.

157
Intrusion Detection and Prevention / Re: IPS not working
« on: March 30, 2020, 03:37:00 pm »
Using WAN (em0) and running Inline mode

158
Intrusion Detection and Prevention / Re: IPS not working
« on: March 30, 2020, 01:36:38 pm »
I have the same issue. Suricata not running/logging any packets at all.

2020-03-30T13:32:12   suricata[30160]: [101773] <Notice> -- all 2 packet processing threads, 4 management threads initialized, engine started.
2020-03-30T13:31:27   suricata[30160]: [101773] <Warning> -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'BE.Radmin.Challenge' is checked but not set. Checked in 2003480 and 0 other sigs
2020-03-30T13:31:27   suricata[30160]: [101773] <Warning> -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'etpro.clsid.detected' is checked but not set. Checked in 2002172 and 0 other sigs
2020-03-30T13:31:09   suricata: [101773] <Warning> -- [ERRCODE: SC_WARN_DEFAULT_WILL_CHANGE(317)] - in 5.0 the default for decoder event stats will go from 'decoder.<proto>.<event>' to 'decoder.event.<proto>.<event>'. See ticket #2225. To suppress this message, set stats.decoder-events-prefix in the yaml.
2020-03-30T13:31:08   suricata: [100952] <Notice> -- This is Suricata version 4.1.7 RELEASE
2020-03-30T13:31:08   suricata[90916]: [100667] <Notice> -- Stats for 'em0+': pkts: 42028, drop: 0 (0.00%), invalid chksum: 0
2020-03-30T13:31:08   suricata[90916]: [100667] <Notice> -- Stats for 'em0': pkts: 42778, drop: 0 (0.00%), invalid chksum: 1
2020-03-30T13:31:08   suricata[90916]: [100667] <Notice> -- Signal Received. Stopping engine.
2020-03-30T13:31:08   suricata[90916]: [100667] <Notice> -- rule reload complete
2020-03-30T13:30:21   suricata[90916]: [100667] <Warning> -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'BE.Radmin.Challenge' is checked but not set. Checked in 2003480 and 0 other sigs
2020-03-30T13:30:21   suricata[90916]: [100667] <Warning> -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'etpro.clsid.detected' is checked but not set. Checked in 2002172 and 0 other sigs
2020-03-30T13:30:02   suricata[90916]: [100667] <Notice> -- rule reload starting
2020-03-30T12:09:42   suricata[90916]: [100667] <Notice> -- all 2 packet processing threads, 4 management threads initialized, engine started.
2020-03-30T12:08:57   suricata[90916]: [100667] <Warning> -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'BE.Radmin.Challenge' is checked but not set. Checked in 2003480 and 0 other sigs
2020-03-30T12:08:57   suricata[90916]: [100667] <Warning> -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'etpro.clsid.detected' is checked but not set. Checked in 2002172 and 0 other sigs
2020-03-30T12:08:39   suricata: [100667] <Warning> -- [ERRCODE: SC_WARN_DEFAULT_WILL_CHANGE(317)] - in 5.0 the default for decoder event stats will go from 'decoder.<proto>.<event>' to 'decoder.event.<proto>.<event>'. See ticket #2225. To suppress this message, set stats.decoder-events-prefix in the yaml.
2020-03-30T12:08:38   suricata: [100995] <Notice> -- This is Suricata version 4.1.7 RELEASE
2020-03-30T12:08:38   suricata[69961]: [100712] <Notice> -- Stats for 'em0+': pkts: 770803, drop: 0 (0.00%), invalid chksum: 0
2020-03-30T12:08:38   suricata[69961]: [100712] <Notice> -- Stats for 'em0': pkts: 977361, drop: 0 (0.00%), invalid chksum: 1

I don't have the feel of control like I have in pfSense regarding the Suricata implementation...

It hurts since I really don't dig the guys behind Netgate and I am very fond of OPNsense...

159
20.1 Legacy Series / Re: All interfaces suddenly getting "detached"
« on: March 30, 2020, 01:32:15 pm »
Thanks :)

I got the same behavior when running it virtual in a VM with Open vmware tools package running.

When I deleted the package it stopped and has been running ever since with no issues.

160
20.1 Legacy Series / Re: All interfaces suddenly getting "detached"
« on: March 30, 2020, 12:44:42 pm »
Are you running it in a VM?? (VMware)??

Quote from: chemlud on March 29, 2020, 11:16:31 am
Hardware, maybe?

161
20.1 Legacy Series / Re: A couple of things...
« on: March 29, 2020, 07:28:20 pm »
Did so to no avail...

:(

But it's not specifically safe if no funny letters are allowed...

162
20.1 Legacy Series / Re: Internet goes down.
« on: March 29, 2020, 02:50:05 pm »
I got the same thing this morning. Had to reboot the VM.

All connectivity dropped and came back when rebooted. Nothing in the VMware logs at all.

pfSense has the same thing in 2.4.5 but not in 2.4.4 P3.

No logs for what went wrong at all.

163
20.1 Legacy Series / A couple of things...
« on: March 29, 2020, 02:47:48 pm »
Hi there. Long time no see.

I cannot log in at the console if I password protect it, despite using the same password that I do in the WebGUI (root user). Why??

If I disable the password protection then I can access the console?? Does it change locale or keyboard layout?

Another thing.

Suricata implementation. I need the Suricata alerts on the Dashboard... how can I get the Suricata alerts there in a standalone widget??

What about a more detailed traffic graph and the ability to use the "wrench" in the widget to customize it?

Best regards to all

/Brian

164
General Discussion / Hahaha Pfsense theme??
« on: November 13, 2015, 05:49:42 pm »


Looks like a clone of OPNsense :D

165
15.7 Legacy Series / Re: [SOLVED] Watchdog timeout -- resetting
« on: October 25, 2015, 07:33:13 am »
How is this related to storage/NFS?
