Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
IDS questions
« previous
next »
Print
Pages:
1
[
2
]
Author
Topic: IDS questions (Read 25988 times)
zash1958
Newbie
Posts: 3
Karma: 0
Re: IDS questions
«
Reply #15 on:
October 24, 2016, 10:38:07 am »
I formerly hoped that opnsense together with suricata will be a good replacement for our boxes (APU) running with pfsense/snort
But until now no working Suricata in IPS mode on this boxes. They have the Realtek networking cards.
IPS in opnsense / suricata no work --> in pfsense/snort perfect
?
Will there be any hope and chance for running stable opnsense/suricata on this APU boxes?
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: IDS questions
«
Reply #16 on:
October 24, 2016, 04:39:14 pm »
Hi zash,
Realtek NICs are unstable for IPS/netmap mode. It's not fixable.
Note that there is no true IPS mode for snort, it's using a lazy-block list via filter that can leave your data leaked on the first incident anyway.
All in all, I think options for true IPS in FreeBSD are just that: Intel chips.
Cheers,
Franco
Logged
zash1958
Newbie
Posts: 3
Karma: 0
Re: IDS questions
«
Reply #17 on:
October 24, 2016, 04:50:48 pm »
OK, I understand.
That means that we got no running opnsense/suricata on all PcEngines APU boxes without Intel NIC's :-(
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: IDS questions
«
Reply #18 on:
October 24, 2016, 05:00:26 pm »
There ought to be an emulation mode that may yield better results and supposedly works with all drivers. I haven't looked into it, but it would be interesting to see if it can be used instead of the real driver bindings (in case of Realtek anyway). Performance is a lot less, but it could be workable.
At the moment I don't have any time to look into it, but I will try to see if this is a workaround option for "known bad cards".
Cheers,
Franco
Logged
everfree
Newbie
Posts: 15
Karma: 0
Re: IDS questions
«
Reply #19 on:
October 28, 2016, 03:22:07 am »
I try opnsense 16.7.7, It's amazing. I also donate to opnsense, I hope that opnsense can be used for 10G inline mode in my production in the future.
I will donate again next month.
«
Last Edit: October 28, 2016, 03:32:41 am by everfree
»
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: IDS questions
«
Reply #20 on:
October 28, 2016, 07:28:24 am »
Hi everfree,
Wow, thanks for the feedback and donation!
You should watch out for 17.1 with FreeBSD 11.0 underneath. We will have a beta version in November, an RC in January and the release just at the end of January 2017.
Cheers,
Franco
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: IDS questions
«
Reply #21 on:
October 28, 2016, 07:25:47 pm »
Look at that, netmap(4) bug fixed in FreeBSD CURRENT, expecting a swift transition to both 10 and 11.
https://github.com/freebsd/freebsd/commit/c9c991ee76
Great work by sbruno@ and luigi@ for pinning this down.
PS: Already in our repo.
Logged
dcol
Hero Member
Posts: 635
Karma: 51
Re: IDS questions
«
Reply #22 on:
November 12, 2017, 11:32:01 pm »
Been a while since I posted here. Just installed the latest OPNsense 17.7 and figured I have a new box, lets try it out. This box is a Supermicro 5018-FTN4 with an 8 core Intel Atom C2758 and i354 Quad NIC.
Setup went great with one static WAN and one LAN subnet. Seems to work fine until I enable IPS inline which kills the internet connection. Seems to work in non inline mode (IPS unchecked). Also noticed that when IPS is selected, Unbound DNS service keeps restarting. I just used all the default settings in IDS except I tried to use Hyperscan and that didn't work either.
One more note, tried Suricata inline using PFsense on this new box and it also didn't work. But the internet connection was ok, just no alerts. I also tried a known tested Intel i210T1 NIC on the WAN and it still didn't work.
Any suggestions?
Logged
Print
Pages:
1
[
2
]
« previous
next »
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
IDS questions