Topic: Suricata "blocks" traffic but doesn't (Read 1658 times)
steilfirn_8000
Suricata "blocks" traffic but doesn't « on: July 19, 2023, 01:34:41 pm »
Hello everyone,
I have been using Suricata for quite a while on my virtual OPNsense firewall.
I recently stumbled across an interesting thing: In Suricata's log it says that it blocks some specific IPs, e.g. for SSH scans, but on the destination host I can also see that fail2ban is banning the specific IP.
So from my point of view it looks like Suricata is "lying" about blocking it.
Is anyone else having the same troubles?
steilfirn_8000
Re: Suricata "blocks" traffic but doesn't « Reply #1 on: July 19, 2023, 03:18:58 pm »
Okay, it seems to block the initial traffic, but traffic from the same IP with the same attack vector (e.g. SSH scanning) will be passed through after some time.