Search results

  1. V

    [384.18_Alpha Builds] Testing all variants

    There are issues; there is a bug (extra break) in the JavaScript code in the wireless page. If you look at it in Chrome, it's forgiving and lets it go. Safari, on the other hand, stops processing the file (so do others). This issue is fixed in the git repository, so when the next version comes...
  2. V

    Suricata Suricata - IDS on AsusWRT Merlin

    So I added - emerging-web_client.rules - emerging-current_events.rules to the rule-files. Is there some reason that those are not in the yaml file?
  3. V

    Suricata Suricata - IDS on AsusWRT Merlin

    Hey, I got the same thing: 05/09/2020-10:49:27.386401 [**] [1:2017919:2] ET DOS Possible NTP DDoS Inbound Frequent Un-Authed MON_LIST Requests IMPL 0x03 [**] [Classification: Attempted Denial of Service] [Priority: 2] {UDP} 193.228.91.107:37993 -> XX.XX.XX.XX:123 Sweet, it's all working now.
  4. V

    Suricata Suricata - IDS on AsusWRT Merlin

    I understand, but to be honest I just wanted to know it's working, so I turned on the event JSON log file and could see it filling up, so it's definitely looking at stuff. I then turned the log back to the way it was. I am satisfied that it's all working, to be honest.
  5. V

    [384.18_Alpha Builds] Testing all variants

    I get that sometimes on the Mac with Safari. That bug has been there for a long time; try reloading the page multiple times. When this happens to me I reload over and over until it works. I know it sucks, but whatever, I don't go to the router website all of the time. But I just put on the new...
  6. V

    Suricata Suricata - IDS on AsusWRT Merlin

    The rule that would be triggered by this is turned off. Once again, I can't remember which rule it was.
  7. V

    Suricata Suricata - IDS on AsusWRT Merlin

    I can't find it now, but you basically have to echo a variable into /proc/* device to increase the event limit size.
  8. V

    Suricata Suricata - IDS on AsusWRT Merlin

    I was getting this too. If you google for "kernel: htb: too many events!" you find a workaround.
  9. V

    Suricata Suricata - IDS on AsusWRT Merlin

    Thanks, that fixed it. Vince
  10. V

    Suricata Suricata - IDS on AsusWRT Merlin

    I set it up when I was using Skynet; I set up a 2GB swapfile with amtm (installed on the firmware).
  11. V

    Suricata Suricata - IDS on AsusWRT Merlin

    I tried to turn on the emerging-dos.rules rules and Suricata crashed right away. I am pretty sure it's running out of memory. So I have Time Machine running and I have a 2GB swap file configured. Should I increase the swap to 4GB? Not really sure.
  12. V

    Replacing Apple Airport Extreme Router. I Need Recommendations

    I had an Apple Airport and the Asus was so much better that when the AC66 got too old, I bought another one. Google has enough info on me; I don't want them to have more. So I agree with L&LD.
  13. V

    Suricata Suricata - IDS on AsusWRT Merlin

    You might be right (running out of memory?). I do have a 2Gb swap file, so if it's running out of memory that seems odd. It's been fine now for a few days, so I am not sure what is happening.
  14. V

    Suricata Suricata - IDS on AsusWRT Merlin

    I was getting Suricata to crash all of the time, so I changed /opt/var/lib/suricata/rules/updates_rules_suricata.sh to be like below. Also, the instructions should be changed to update to add this line cru a suricata_updte "0 3 * * * /opt/var/lib/suricata/rules/updates_rules_suricata.sh" to...
  15. V

    Suricata Suricata - IDS on AsusWRT Merlin

    So I can get it to run for a few minutes, then it crashes. Here is the log output: 29/4/2020 -- 09:38:32 - <Notice> - This is Suricata version 4.1.7 RELEASE 29/4/2020 -- 09:38:32 - <Info> - CPUs/cores online: 4 29/4/2020 -- 09:38:32 - <Info> - Found an MTU of 1500 for 'eth0' 29/4/2020 -- 09:38:32...
  16. V

    Suricata Suricata - IDS on AsusWRT Merlin

    Suricata can also be configured to block outgoing packets, right? From simple reading, I can set it up to block DNS queries for Facebook, etc. Very interesting. I am assuming that all works with this version too?
  17. V

    Suricata Suricata - IDS on AsusWRT Merlin

    I tried that, and it still worked. The scan always shows just the 1 port open, which is exactly as expected. I think I need to turn on all of the logging and watch it to see what's up. (Not 100% sure what I need to change in the yaml file to do this.) I am expecting to see stuff in the...
  18. V

    Suricata Suricata - IDS on AsusWRT Merlin

    All seems to be working now. I can ssh in, etc. Now I just need to see if it's really doing anything at all.
  19. V

    Suricata Suricata - IDS on AsusWRT Merlin

    I think I have it correct; here are some pieces of the yaml file: # Holds variables that would be used by the engine. vars: # Holds the address group vars that would be passed in a Signature. address-groups: HOME_NET: "[10.0.0.0/16]" EXTERNAL_NET: "any" DNS_SERVERS...
  20. V

    Suricata Suricata - IDS on AsusWRT Merlin

    My SSH port is normally open, but now, after doing a port scan, I can't ssh into the network. (I know it's an invitation; I am okay with that.) So the question is: does Suricata block SSH by default?