Topic: Intrusion Detection (Read 11841 times)

h.hammoud (Newbie), July 28, 2017, 04:09:35 pm
Dears,
Recently I installed OPNsense on my network, but what I'm facing is that when I enable the IPS, the Internet speed becomes slow and pages open very slowly. Also, how can I change the action, or enable or disable a whole category of rules, on the IPS?
Thanks in advance for any help.

weust (Hero Member), Reply #1, July 28, 2017, 04:30:55 pm
IPS can be a big pressure on your hardware. What kind of hardware are you using?
And what internet speed do you have, and what do you get without IPS enabled?
The category question I can't answer.
Hobbyist at home, sysadmin at work. Sometimes the first is mixed with the second.

h.hammoud (Newbie), Reply #2, July 28, 2017, 05:37:36 pm
Hi Weust,
My hardware is a DELL server R720, 16GB RAM, two CPU Qudro, 100 GB SAS HDD. The speed returns to normal when you disable the IPS.
About the category, what I'm asking is this: if I want to disable emerging-deleted.rules, I must disable it rule by rule, or make a filter based on this category and disable the rule set with select all, but this takes a long time depending on the number of rules.
Thanks

weust (Hero Member), Reply #3, July 28, 2017, 05:51:04 pm
I would expect the hardware to be fine. You did enable Hyperscan?
Disabling rule by rule is kinda annoying, indeed.

h.hammoud (Newbie), Reply #4, July 28, 2017, 06:04:13 pm
Yes, I've enabled Hyperscan.

interkrome (Jr. Member), Reply #5, August 04, 2017, 04:56:32 am
Happened to me also, but after changing to Aho-Corasick, everything was back to normal.

Wayne Train (Full Member), Reply #6, August 04, 2017, 10:10:36 am
Hi,
So Aho is considered more efficient / better than Hyperscan?
Would be nice if someone could explain why.
Best regards,
Wayne

Stephan (Jr. Member), Reply #7, September 01, 2017, 02:43:02 pm
Hi,
I'd also like to know which algorithm to prefer / to know which one is more efficient - probably it's an implementation problem, as Hyperscan is quite new (~1y) in OPNsense?

franco (Administrator, Hero Member), Reply #8, September 01, 2017, 03:02:44 pm
Sorry, I missed this.
AC is the Suricata default matcher. Hyperscan is a more recent library by Intel to speed up matching on most of its 64 bit architecture CPUs. Hyperscan is faster, yielding less CPU time and / or more throughput for IDS, but could be heavier on memory usage.
Cheers,
Franco
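
Added example, not part of the thread and not OPNsense's own code: one way to toggle every rule in a category file such as emerging-deleted.rules in one pass (the question in Reply #2), assuming the usual Suricata one-rule-per-line layout where a leading `#` disables a rule. The function name and the sample rules are constructed for illustration.

```python
import re

# Suricata rule actions. A line that starts with one of these (optionally
# behind a '#') and carries a sid is treated as a rule; anything else is
# left alone as an ordinary comment or blank line.
ACTIONS = ("alert", "drop", "pass", "reject", "rejectsrc", "rejectdst", "rejectboth")
RULE_RE = re.compile(
    r"^(?P<indent>\s*)(?P<off>#\s*)?"
    r"(?P<rule>(?:%s)\s+\S+\s.*\(.*\bsid\s*:\s*(?P<sid>\d+)\s*;.*\)\s*)$"
    % "|".join(ACTIONS)
)

def set_rules_enabled(text, enabled):
    """Enable or disable every rule in one category file.

    Returns (new_text, changed_sids). Rules already in the requested
    state are untouched, so the call is idempotent.
    """
    out, changed = [], []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if m is not None:
            is_enabled = m.group("off") is None
            if is_enabled != enabled:
                changed.append(int(m.group("sid")))
                prefix = "" if enabled else "#"
                line = m.group("indent") + prefix + m.group("rule")
        out.append(line)
    return "\n".join(out) + "\n", changed

# Constructed sample in the layout of a ruleset file (not real rules).
SAMPLE = '''# Constructed sample category file
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE one"; sid:9000001; rev:1;)
#alert udp any any -> any 53 (msg:"EXAMPLE two"; sid:9000002; rev:1;)
# alert is a word that also appears in this ordinary comment
drop http any any -> any any (msg:"EXAMPLE three"; sid:9000003; rev:2;)
'''

if __name__ == "__main__":
    disabled_text, sids = set_rules_enabled(SAMPLE, enabled=False)
    print("disabled sids:", sids)
    print(disabled_text, end="")
```

Returning the changed SIDs gives a record of what was switched, which is worth keeping next to the rule file so the change can be reviewed or reverted later.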