Search results

  1. juched

    Suricata Suricata - IDS on AsusWRT Merlin

    Is this in IPS mode?
  2. juched

    Suricata Suricata - IDS on AsusWRT Merlin

    Found it, missing a character. Please try again.
  3. juched

    Suricata Suricata - IDS on AsusWRT Merlin

    Pushed a change. I think my /opt/var/lib directory existed because I run unbound already. I added a command to make the folder. Hope that fixes it for you.
  4. juched

    Suricata Suricata - IDS on AsusWRT Merlin

    I forked and updated the suricata_manager.sh script. I added to it my default config, the log processing and stats generation, and some other items to clean up. You can try it if you dare :) The command is: mkdir /jffs/addons 2>/dev/null;mkdir /jffs/addons/suricata 2>/dev/null; curl --retry 3...
  5. juched

    Suricata Suricata - IDS on AsusWRT Merlin

    On my AX88U the CPU isn't heavily loaded. Even during Speedtest which gives full speed the CPU is pretty low. With 4 threads per copy interface so 8 in total. The main network connection works fine with no real latency. Just the guest wifi which doesn’t work properly. Believe this is because...
  6. juched

    Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server)

    Data for the graphs is written to the USB stick here: /opt/var/lib/unbound/
  7. juched

    Suricata Suricata - IDS on AsusWRT Merlin

    Thanks for sharing. I tried this, which was mainly the setting tpacket-v2:yes and the ringbuffer and buffer size changes. For me, devices on the guest network no longer have access to the internet. It seems to now work for some, but with a delay and flaky. Do you have any issues with this...
  8. juched

    Suricata Suricata - IDS on AsusWRT Merlin

    Good suggestions. I removed the skynet check already.
  9. juched

    Suricata Suricata - IDS on AsusWRT Merlin

    I am away for a week and didn’t have time to post more. Can try by grabbing three files from here: GitHub. You want to place the files suricata_log.sh, suricata_stats.sh and suricatastats_www.asp in a folder /jffs/addons/suricata. Then chmod +x the two scripts and...
  10. juched

    Suricata Suricata - IDS on AsusWRT Merlin

    Little easier to read:
  11. juched

    Suricata Suricata - IDS on AsusWRT Merlin

    I don't think it makes a difference. With the config you shared, the copy command is ignored and it runs like your current config, so no difference.
  12. juched

    Suricata Suricata - IDS on AsusWRT Merlin

    As I figured: "Copy mode activated but use-mmap set to no. Disabling feature". I do think using it for detection is still good.
  13. juched

    Suricata Suricata - IDS on AsusWRT Merlin

    Agree, the IDS is good. I am considering creating a log scraper to a DB, and then making a UI page to show a table of items and the associated IP. Just need to find the time to do this. I am currently running in the standard IDS mode. With AF_packet mode it gets a copy, and I do not believe...
  14. juched

    Suricata Suricata - IDS on AsusWRT Merlin

    Curious, what does your suricata log file show during startup? Does it still show IPS is enabled? Can you paste your log file during startup to share?
  15. juched

    Merlin firmware for the new RT-AX86U?

    Interesting. I always thought it was the RT-AC68U which was the most popular one out there.
  16. juched

    Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server)

    DNS Firewall has no impact on your ping to IPs or throughput.
  17. juched

    Suricata Suricata - IDS on AsusWRT Merlin

    Hard to tell. From what I see: attempted-recon Attempted Information Leak medium. My gut is that the device is using curl in a way that looks suspicious. If the IP 18.233.186.252 is the service it should be talking to, then you can ignore this.
  18. juched

    Suricata Suricata - IDS on AsusWRT Merlin

    I thought that too, but for IPS mode you need pairs of interfaces for the copy-iface, so eth0->br0 (WAN to LAN) and br0->eth0 (LAN to WAN). As I recall if I added in eth->wl0.1 and wl0.1->eth0, it failed since eth0 is already being copied to br0. wl0.1 is part of br0, so I think that is ok...
  19. juched

    Suricata Suricata - IDS on AsusWRT Merlin

    Your guest network, are you using YazFi? Or just regular guest wifi built into Asus? Do you allow "Intranet access"? Thank you for trying this. Seems you have a functional IPS system now.
  20. juched

    Suricata Suricata - IDS on AsusWRT Merlin

    Based on the default config it is IDS not IPS. IPS can be accomplished by using the configuration I posted earlier with copy to parameters. You will see IPS mode in the logs if successful. I believe I am having iptables issues with my guest network. So if not using a guest network or would be...