Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
17.7 Legacy Series
»
Suricata error, DNS crashes
« previous
next »
Print
Pages:
1
[
2
]
Author
Topic: Suricata error, DNS crashes (Read 13123 times)
Ciprian
Sr. Member
Posts: 284
Karma: 50
Re: Suricata error, DNS crashes
«
Reply #15 on:
August 10, 2017, 02:40:56 pm »
Hello everyone!
@franco & @ other administrators in particular, this matter with sluggish and erratic specific traffic caused by Suricata (DNS traffic for that case) sounds exactly like the problems I encountered since 17.1.4 (17.1.4 being the last stable version of OPNsense at the moment I started using it), problems with RDP (port 3389) and with Veeam back-up/ copy/ transfer traffic: no log traces in either of FW log or IPS log, but both services are massively impacted by enabling IPS. With only IDS, or with Suricata completely disabled, no problems. I have found out that for RDP the cause is the ruleset "ET-Emerging DOS" (maybe a single one rule, or a few rules in the ruleset, I don't know, I didn't dig it further...) and no ideea up to now about Veeam traffic.
And now DNS traffic seems to be impacted by enabling IPS, in the same massive and erratic way... :/ It might be one rule, or a few of them, in one or more then one rulesets (ill written rules, maybe, since they don't leave any traces in the log files? :-? ), or might be some bug(s) in the engine of Suricata itself.
I have a few replies I have written over the last few months regarding these problems, and here are a few links to those replies:
https://forum.opnsense.org/index.php?topic=3639.msg21340#msg21340
https://forum.opnsense.org/index.php?topic=5323.msg21620#msg21620
https://forum.opnsense.org/index.php?topic=3639.msg21583#msg21583
https://forum.opnsense.org/index.php?topic=4140.msg21270#msg21270
I hope it's of any help, and I wrote this lines since any info might be a lead toward the right course of action for finding the solution.
PS I didn't update to 17.7 yet, and I don't use IPS any more since a good while, as I already had problems I explained upon.
Logged
Noctur
Jr. Member
Posts: 79
Karma: 4
Re: Suricata error, DNS crashes
«
Reply #16 on:
September 19, 2017, 04:56:32 am »
Just tried to pkg add the older suricata: # pkg add -f
https://pkg.opnsense.org/snapshots/suricata-3.2.2.txz
Received a pkg not found message. Has it been pulled?
I'm still getting DNS drops with Unbound, Suricata 4, and running a Nord VPN instance. Suri 3.2.2 seemed to work better. I've been trying them both for several days each with the recent 17.7.2 update and was flipping back to 3.2.2.
Logged
overkill: Dell SFF i5, 16gb, 120gb SSD, 4x gb NICs
OPNsense 21.1.x
franco
Administrator
Hero Member
Posts: 17656
Karma: 1610
Re: Suricata error, DNS crashes
«
Reply #17 on:
September 19, 2017, 06:43:37 am »
Moved here, the mirror now has a snapshot directory for each ABI:
https://pkg.opnsense.org/FreeBSD:11:amd64/snapshots/
Cheers,
Franco
Logged
Print
Pages:
1
[
2
]
« previous
next »
OPNsense Forum
»
Archive
»
17.7 Legacy Series
»
Suricata error, DNS crashes