Search results

  1. juched

    Suricata Suricata - IDS on AsusWRT Merlin

    Thanks, I was reading the 4.1.8, but another tab and Google search ended me back at the 5.0.3 one. The 4.1.8 still confirms the same findings :)
  2. juched

    Suricata Suricata - IDS on AsusWRT Merlin

    I will look to fork in github and share my findings. As I find time and it is summer, it may be slow, but I will share my learning. So far I can get it into IPS mode, and my main traffic works fine. But the guest networks do not.
  3. juched

    Suricata Suricata - IDS on AsusWRT Merlin

    Changed the init.d script, and now I can tail log files and edit the YAML file without it shutting down. Basically added -D to run in daemon mode, and then sleep 1 sec for the sub-process to start. Figured I would share. #!/bin/sh logger -t S82suricata "Starting Suricata IDS/IPS $0" # set...
  4. juched

    Suricata Suricata - IDS on AsusWRT Merlin

    From this link: From this paper it seems to me that sticking with af-packet is better. From the suricata docs it seems: Finally, workers mode is considered the best performance according to the suricata docs. And it seems that pcap mode needs to be in autofp mode. So, the...
  5. juched

    Suricata Suricata - IDS on AsusWRT Merlin

    These settings are enabled in the default yaml and I didn't remove them, but they do not support IPS. If you want suricata to drop bad packets, you need to use an IDS mode, and with our build it is only with AF_PACKET. But I thought I would try it anyways. For the section of the config file...
  6. juched

    Suricata Suricata - IDS on AsusWRT Merlin

    Trying to figure out from the documentation examples which items are needed. Removing some items and this seems to enable IPS in the logs at least. Not sure yet how to test. af-packet: - interface: eth0 copy-mode: ips...
  7. juched

    Suricata Suricata - IDS on AsusWRT Merlin

    Been playing around with suricata. The mode in the YAML file is just IDS; it will detect and write to the logs, but cannot drop any packets. This is because it is getting a copy via af_packet mode (the only mode compiled into our copy of suricata). You can enable IPS so it can drop packets...
  8. juched

    Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server)

    I pushed an update to remove any offending lines like that. Just need to uninstall and re-install DNS Firewall to get the new fix. Note: this file downloads every 15 minutes, so if you manually remove it, it will come back :)
  9. juched

    Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server)

    I have narrowed it down to this entry: sipesv.org. CNAME . ; Malware download (2020-07-30), see https://urlhaus.abuse.ch/host/sipesv.org./ Seems it doesn't like the fully qualified "." domain ending.
  10. juched

    Suricata Suricata - IDS on AsusWRT Merlin

    I took the plunge and set up suricata on my RT-AX88U. I did it manually, not hard. Thanks @rgnldo. Changed the setup to log only to syslog and no stats currently. When using top, I see the memory usage at 772m (WOW!). But things are running and the free command shows that buffers/cache still has...
  11. juched

    How to use pi1.domain.com and pi2.domain.com instead of router.domain.com:8001 and router.domain.com:8002?

    You either need a proxy (something listening on port 80 which can be smart enough to forward to the correct PI) or separate IPs, not really available on residential ISPs mostly (and even if you did, you would need a router which can support port-mapping from different IPs).
  12. juched

    Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server)

    No further configuration should be needed. It takes some time for the ads to start reducing, since it needs to detect the servers and re-direct them to the same IP. So, for the first few days you will still see ads from time to time, but over time it should start going down. And it isn't fool...
  13. juched

    Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server)

    Don’t think that has anything to do with the failure. Looks like a bad site. Not sure why it is failing on the android device. How does it fail? Timeout or error message?
  14. juched

    Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server)

    Any log entries in unbound while it fails? Can you also try "youtube update" to have it select a different IP to see if that helps?
  15. juched

    Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server)

    Not sure. This ad blocker was based on findings from the Pi-hole community. My first thought was the IP selected as gone bad, meaning the server it is directing all traffic to may be gone, causing issues. However you do Chrome works fine. What happens when you disable the youtube ad...
  16. juched

    Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server)

    Sorry, my mistake. You do not need to empty those two boxes.
  17. juched

    Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server)

    Correct. Use DHCP auto DNS on Windows and allow the router to specify its own IP as DNS and remove any other DNS specified. Also turn off auto on WAN to not use ISP DNS servers. You can tell which DNS server you are using by using this site: https://www.dnsleaktest.com/ It should show your own IP as...
  18. juched

    Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server)

    If you run unbound you should change your router to specify itself as the DNS server and not use any other DNS servers like 1.1.1.1 or 9.9.9.9, or else it will just skip your local DNS. For Windows just let it use the router for the DNS and don’t specify a specific one.
  19. juched

    Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server)

    Nope, it is RPZ and is based on domains. It can also do reverse IP blocking, but it isn’t common. I fully recommend running both. But stopping the lookup for a bad site before knowing the IP is best.
  20. juched

    Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server)

    Don’t see how, as skynet needs IP lists.