Author Topic: Suricata permits traffic despite being blocked in the log.  (Read 2265 times)

mucflyer

Suricata permits traffic despite being blocked in the log.
« on: November 07, 2019, 12:09:46 pm »
Hi all
Configured Suricata, enabled it, enabled IPS mode, downloaded and enabled the ET telemetry rules. Under alerts I see an SSH scan has been blocked; however, I have NAT to an internal SSH gateway, and I see the IP which should be blocked is reaching the gateway...

2019-11-07T12:05:40.644965+0100   2001219   blocked   WAN   185.232.x.x   62920   x.x.x.x   22   ET SCAN Potential SSH Scan

Why is it permitted?

mucflyer

Re: Suricata permits traffic despite being blocked in the log.
« Reply #1 on: November 19, 2019, 11:18:28 am »
Example below: Suricata shows blocked in Alerts, but on the gateway I can see that the IP connected. OPNsense restarted, gateway restarted.
