Search results


  1. Suricata - IDS on AsusWRT Merlin

    Opkg indicates it (suricata_4.1.7-1armv7..) is the only package available; no later v4 or v5 beta listed. Package maintainer is not indicated. ============================ Package: suricata Version: 4.1.7-1 Depends: libc, libssp, librt, libpthread, libyaml, jansson, libpcap, libpcre, file...
  2. Suricata - IDS on AsusWRT Merlin

    Different apps can add and define different interfaces; for e.g. I don't have ethx, eth6 or eth7 on my up-to-date RT-AC68U which is used with both wired and wireless clients. I also don't have QOS, cloud functions, VPN servers or clients, etc. You might list your router model, firmware version...
  3. Suricata - IDS on AsusWRT Merlin

    Got a chance to play with IPS today and didn't get very far. The af-packet configuration, which is crucial for IPS, has evolved significantly since our version of suricata (4.7) was upgraded to 4.8 and now to 5.03. I considered upgrading to either 4.8 or 5.03 and starting there (sigh...
  4. Suricata - IDS on AsusWRT Merlin

    Yep! ....... FWICT it doesn't work as an af_packet IPS with the current settings. And it was compiled without NFQ support so it can't use the traditional method were IpTables/Netfilter able to support it. If I get the time I'll play with it this weekend: reconfigure yaml, and add an address -...
  5. Suricata - IDS on AsusWRT Merlin

    Indeed - which makes Suricata so interesting. AiProtection seems to work, but to an unknown degree (rules).
  6. Suricata - IDS on AsusWRT Merlin

    https://home.regit.org/2012/09/new-af_packet-ips-mode-in-suricata/
  7. Suricata - IDS on AsusWRT Merlin

    Heh....ROTFLMAO! You're a full-service hotel and host. :)
  8. Suricata - IDS on AsusWRT Merlin

    Agreed - IMHO that is how an IDS/IPS should work. But there are current/maintained Suricata rules (e.g. "drop.rules", "compromised.rules" ) that are simply website blocking lists. Perhaps they are intended as an option for users who do not have a Skynet type of address blocker (In that...
  9. Suricata - IDS on AsusWRT Merlin

    Yes, so as to catch the latest rule updates (Suricata folks seem to be aggressively keeping up with/correcting the changing landscape :) ). Rules are changing/improving every few days - it's rather like Kaspersky keeping up with 0-days. Note that restarting will update rules and will clear out...
  10. Suricata - IDS on AsusWRT Merlin

    I'm still trying to learn how to use Suricata, which requires that I pay attention to the various logs - so I manually delete all log (and json) files after review and before each start. One can configure yaml to automatically overwrite files at restart. Unlike other Merlin apps, IMHO...
  11. Suricata - IDS on AsusWRT Merlin

    IMHO Skynet keeps you away from MANY dangerous sites, and uses the very fast, very efficient iptables ipset commands. Suricata has optional rule sets that also block dangerous sites, but FWICT not nearly as many as Skynet, and not as efficiently (system processing overhead). There might be...
  12. Suricata - IDS on AsusWRT Merlin

    "Realtime" suricata monitor

    Well, not actually real time - up to 5 second delay - but FWIW I'm having good luck with tail -f -s 5 /tmp/mnt/sda1/entware/var/log/suricata/fast.log (or eve.json if you'd prefer). While I don't want to see suricata or firewall popups alerting me to the...
  13. Suricata - IDS on AsusWRT Merlin

    Pen testing sites

    Anyone testing suricata with a free, public online pen tester, e.g. metasploit, nmap? Am NOT looking for a port scanner to test for a "stealthed" firewall, but instead a site providing metasploit scripted attacks and exploits, or at least access to nmap so I can roll my own...
  14. Suricata - IDS on AsusWRT Merlin

    ISTM = It Seems To Me
    IMHO = In My Humble Opinion

    Abbreviations intended to "soften" stated beliefs and opinions with which someone else may disagree, or simply dislike: https://www.dailywritingtips.com/internet-initialisms/
  15. Suricata - IDS on AsusWRT Merlin

    Heh....ISTM Rgnldo is the impressive component with suricata (and he has other routers under "development"). But it is the whole Merlin-ASUS infrastructure/contributions from others here that is most profoundly impressive and makes supported ASUS modems the first choice IMHO
  16. Suricata - IDS on AsusWRT Merlin

    Ditto; I got one (.json and fast.log) last night...
  17. Suricata - IDS on AsusWRT Merlin

    rgnldo, does this mean that the originating address is now on some sort of "blacklist"? If so, where is the blacklist and for how long is it on it?
  18. Suricata - IDS on AsusWRT Merlin

    Joe, Which log and/or json did you find this in?
  19. Suricata - IDS on AsusWRT Merlin

    Which log and/or json did you find this in?
  20. Suricata - IDS on AsusWRT Merlin

    How did you identify the Mac application?
    1. e.g. did suricata start popping up warnings immediately after you installed it? Or perhaps whenever you used it? Perhaps a signature update to an AV/AT?
    2. Which suricata rule file and rule found it?
    TIA