Search results

  1. M

    Suricata Suricata - IDS on AsusWRT Merlin

    Understanding that I am a newbie around here and just beginning to exercise suricata: 1. The log directory accumulates a lot of stuff fast (especially suricata.log and eve.json) and appears to keep them 'til you purge. So I regularly/frequently remove all files in...
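Before purging eve.json it is worth pulling the alert summary out of it, since the alert events are the part you will want later. The script below is an added example for this thread, not code from the Suricata project or from any poster; the log lines are constructed samples in Suricata's EVE JSON shape (one JSON object per line; event_type, src_ip, dest_ip, proto and alert.signature are real EVE field names, while the IPs, signature IDs and signature texts are made up), and the 192.168.1.0/24 LAN range is assumed from the addresses mentioned elsewhere in these posts.

```python
"""Summarise Suricata eve.json alerts before the file is purged.

Added example for this thread; not code from Suricata or the posters.
SAMPLE_EVE is constructed: real EVE field names, made-up addresses,
signature IDs and signature texts. The LAN range is an assumption.
"""
import ipaddress
import json
from collections import Counter

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed LAN range

# Constructed sample log: 4 alerts, 1 flow, 1 dns event, 1 truncated line.
SAMPLE_EVE = """\
{"timestamp":"2020-04-01T10:00:00.000000+0000","event_type":"alert","src_ip":"203.0.113.5","src_port":40000,"dest_ip":"192.168.1.1","dest_port":22,"proto":"TCP","alert":{"signature_id":9000001,"signature":"SAMPLE SCAN inbound SSH probe","severity":2}}
{"timestamp":"2020-04-01T10:00:01.000000+0000","event_type":"flow","src_ip":"192.168.1.10","dest_ip":"198.51.100.7","proto":"UDP"}
{"timestamp":"2020-04-01T10:00:02.000000+0000","event_type":"alert","src_ip":"203.0.113.5","src_port":40001,"dest_ip":"192.168.1.1","dest_port":23,"proto":"TCP","alert":{"signature_id":9000001,"signature":"SAMPLE SCAN inbound SSH probe","severity":2}}
{"timestamp":"2020-04-01T10:00:03.000000+0000","event_type":"dns","src_ip":"192.168.1.10","dest_ip":"192.168.1.1","proto":"UDP","dns":{"type":"query","rrname":"example.com"}}
{"timestamp":"2020-04-01T10:00:04.000000+0000","event_type":"alert","src_ip":"198.51.100.7","src_port":53,"dest_ip":"192.168.1.10","dest_port":5353,"proto":"UDP","alert":{"signature_id":9000002,"signature":"SAMPLE inbound UDP probe","severity":3}}
{"timestamp":"2020-04-01T10:00:05.000000+0000","event_type":"alert","src_ip":"192.168.1.10","src_port":51000,"dest_ip":"192.168.1.1","dest_port":80,"proto":"TCP","alert":{"signature_id":9000003,"signature":"SAMPLE LAN host hitting router admin page","severity":3}}
this line was cut off by a log purge and is not JSON
"""


def parse_eve(text):
    """Parse EVE JSON lines. Returns (events, bad_line_count).

    A half-written last line is normal after a purge or a crash, so a
    line that is not valid JSON is counted and skipped, not fatal.
    """
    events, bad = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except ValueError:
            bad += 1
    return events, bad


def summarize_alerts(events, lan=LAN):
    """Count alerts by signature and source, and flag WAN-to-LAN alerts."""
    alerts = [e for e in events if e.get("event_type") == "alert"]
    by_sig = Counter(a["alert"]["signature"] for a in alerts)
    by_src = Counter(a["src_ip"] for a in alerts)
    inbound = [
        a for a in alerts
        if ipaddress.ip_address(a["dest_ip"]) in lan
        and ipaddress.ip_address(a["src_ip"]) not in lan
    ]
    return {
        "event_types": dict(Counter(e.get("event_type") for e in events)),
        "alerts": len(alerts),
        "by_signature": dict(by_sig),
        "by_source": dict(by_src),
        "inbound_from_wan": len(inbound),
    }


if __name__ == "__main__":
    evs, bad = parse_eve(SAMPLE_EVE)
    print(f"skipped {bad} malformed line(s)")
    print(json.dumps(summarize_alerts(evs), indent=2))
```

Run it against the real file with `parse_eve(open("/opt/var/log/suricata/eve.json").read())` (path assumed; use whatever your install writes to) and keep the printed summary before removing the file. The WAN-to-LAN count separates probes from the outside from noise generated by your own LAN hosts.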
  2. M

    Suricata Suricata - IDS on AsusWRT Merlin

    YES...good idea! (I expect to get going with suricata this weekend and will be doing some comparisons with AiProtections). My guess is that an old Trojan is again active. It's UDP so the probe can't really be blocked. It would become concerning if your box actually started responding to this...
  3. M

    Suricata Suricata - IDS on AsusWRT Merlin

    thanks vdemarco!!
  4. M

    Suricata Suricata - IDS on AsusWRT Merlin

    Guessing that a final quote (") got truncated somewhere along the line!? Rgnldo, might be good to update page 1!?
  5. M

    Suricata Suricata - IDS on AsusWRT Merlin

    (I'm a newbie; Rgnldo needs to confirm this) The answer is yes - you can confirm the content of dns records (e.g. looking for invalid fields; overflows; etc.) https://suricata.readthedocs.io/en/suricata-5.0.2/rules/dns-keywords.html Other rules can confirm current encryption standards, certs...
  6. M

    Suricata Suricata - IDS on AsusWRT Merlin

    Ahh.... good for you!!! 1. Understanding that I have NO experience with suricata, IIRC you couldn't ssh in after a port scan. You might now try first a scan, then see if you can still ssh in from the same address (The logic would be that a port scan precedes an attack and that subsequent...
  7. M

    Suricata Suricata - IDS on AsusWRT Merlin

    Not my business, but IMHO open ports are an invitation for mischief. Consider "Port Knocking" to keep them stealth 'til you want access, or alternatively have them disappear for an hour after three unsuccessful log in attempts. These defenses would be in addition to Skynet/Suricata.
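The "disappear for an hour after three unsuccessful login attempts" idea is a lockout state machine over the auth log. The script below is an added example, not code from Skynet, Suricata or any poster: it tracks failures per source within a sliding window, returns a block decision with an expiry, and ignores further failures from an address that is already blocked. The log lines are constructed samples in the style of dropbear's "Bad password attempt for 'user' from ip:port" message (format assumed); the IPs and times are made up, and the year is assumed because syslog lines carry none. It only produces decisions as data, so the firewall action (an iptables or ipset rule) is left to whatever you already use.

```python
"""Lockout decisions: block a source for an hour after three failed logins.

Added example for this thread; not Skynet, Suricata or poster code.
SAMPLE_LOG is constructed in an assumed dropbear message format.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

THRESHOLD = 3                      # failures that trigger a block
WINDOW = timedelta(minutes=10)     # failures must land within this window
BLOCK_FOR = timedelta(hours=1)     # how long the address stays blocked

# Assumed dropbear format: "<syslog ts> <host> dropbear[pid]: Bad password
# attempt for '<user>' from <ip>:<port>"
FAIL_RE = re.compile(
    r"^(?P<ts>\S+\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+dropbear\[\d+\]: "
    r"Bad password attempt for '[^']*' from (?P<ip>[\d.]+):\d+"
)

# Constructed sample: one address fails 4 times in 9 seconds; another
# fails once, then twice more 90 minutes later (outside the window).
SAMPLE_LOG = """\
Apr  1 10:00:01 router dropbear[1234]: Bad password attempt for 'admin' from 203.0.113.5:40000
Apr  1 10:00:05 router dropbear[1235]: Bad password attempt for 'admin' from 203.0.113.5:40001
Apr  1 10:00:09 router dropbear[1236]: Bad password attempt for 'root' from 203.0.113.5:40002
Apr  1 10:00:10 router dropbear[1237]: Bad password attempt for 'admin' from 203.0.113.5:40003
Apr  1 10:30:00 router dropbear[1240]: Bad password attempt for 'admin' from 198.51.100.7:50000
Apr  1 12:00:00 router dropbear[1250]: Bad password attempt for 'admin' from 198.51.100.7:50001
Apr  1 12:00:01 router dropbear[1251]: Bad password attempt for 'admin' from 198.51.100.7:50002
"""


def lockout_decisions(log_text, year=2020):
    """Replay the log. Returns (decisions, blocked_until).

    decisions: list of (ip, action, timestamp) where action is "block"
    (threshold reached) or "already_blocked" (failure while blocked).
    blocked_until: ip -> datetime when the block should be lifted.
    """
    fails = defaultdict(list)   # ip -> recent failure timestamps
    blocked_until = {}
    decisions = []
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if ip in blocked_until and ts < blocked_until[ip]:
            decisions.append((ip, "already_blocked", ts))
            continue
        # Keep only failures still inside the window, then add this one.
        fails[ip] = [t for t in fails[ip] if ts - t <= WINDOW] + [ts]
        if len(fails[ip]) >= THRESHOLD:
            blocked_until[ip] = ts + BLOCK_FOR
            fails[ip] = []          # counter restarts once the block lapses
            decisions.append((ip, "block", ts))
    return decisions, blocked_until


if __name__ == "__main__":
    for ip, action, ts in lockout_decisions(SAMPLE_LOG)[0]:
        print(f"{ts:%H:%M:%S} {action:16} {ip}")
```

In the sample, 203.0.113.5 is blocked at its third failure and its fourth attempt is recorded as already blocked, while 198.51.100.7 never reaches three failures inside one ten-minute window and is left alone; tune WINDOW and THRESHOLD to taste, and remember that a lockout keyed on source address can be used to lock you out from a shared NAT address, which is one reason port knocking is the gentler option.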
  8. M

    Suricata Suricata - IDS on AsusWRT Merlin

    Ditto here; I really like the Skynet/Diversion combination. But IF I were to connect to a hostile site Suricata might well intervene. And given the Suricata manual seems very-well written, it's worth experimenting with.
  9. M

    Suricata Suricata - IDS on AsusWRT Merlin

    IIUC: 1. Skynet blocks access to known evil addresses, and uses standard, built-in iptables tests to block bad inbound packets. 2. Suricata analyzes the internal structure of packets to a greater degree; looks for packet timing tricks; suspicious packet signatures; and other things I've long...
  10. M

    Suricata Suricata - IDS on AsusWRT Merlin

    (Apologize in advance, rgnldo - I'm a newbie) - 1. I'm guessing an HND router is "Home Network Defender" <http://store.trendmicro.com/store/trendoem/en_US/pd/ThemeID.1268200/productID.109041900> !? If this is true, ISTM asuswrt-merlin routers can provide the other components of HND except for...
  11. M

    Suricata Suricata - IDS on AsusWRT Merlin

    Good to know; thank you for posting, Milan!! And thank you Rgnldo for the OP!! Some questions, please: 1. Which router? Which firmware? 2. What else are you running? Any conflicts or performance degradation? 3. How did you test it? e.g. NMAP? Metasploit? Possibly a testing site on the web...
  12. M

    Compromised Router with Hacked PPTP VPN User

    This is scary; thanks for posting!! ISTM this could be an inside job. Suggest you consider rebuilding the desktop as well as the router. At least check Safari for any strange addons (happened to a friend recently). (Random Misc: -Is(are) your LAN stuff up to date? -IIUC, Safari has had some...
  13. M

    Unbound - Authoritative Recursive Caching DNS Server

    THANK YOU! for creating and reminding us of this, ranido!
  14. M

    0.nextyourcontent.com malware in AC68U ?

    Thank You, Colin Taylor and others!!
  15. M

    0.nextyourcontent.com malware in AC68U ?

    Sorry if this has been addressed. After updating ac68u to 384.12, and installing Diversion and Skynet, I scan the LAN and find RT-AC68R-A9D8 at 192.168.1.2 with a hostname of 0.nextyourcontent.com - described as malware on multiple webpages. This address was reserved for Diversion use...
  16. M

    Protonmail and ProtonVPN black friday specials

    1. https://protonmail.com/blog/black-friday-cyber-monday-2017/ 2. Err... anyone configured to use the vpn in a client on Merlin? If so, how did you configure it? (I'm guessing you downloaded an .ovpn config file for some device; then edited the client within the router web interface; and then...
  17. M

    pixelserv pixelserv - A Better One-pixel Webserver for Adblock

    tried changing both 80 and 443 to iana-unreserved ports (30000 and 20000) and it seems to work fine. AB-S ended with a confirmation: " Done added pixelserv-tls switches: -k 30000 -p 20000 " Iptables did not require changes. 'twas quick before and seems equally quick now - though I'd guess...
  18. M

    pixelserv pixelserv - A Better One-pixel Webserver for Adblock

    Aha! hold the presses; just tried setting to port 3000 and got different diagnostics: *) requires additional parameter **) iptables rules need to be set to redirect the queries to new port(s). Both ports need to be set, even if one remains at default setting. I'm using my own...
  19. M

    pixelserv pixelserv - A Better One-pixel Webserver for Adblock

    Thanks for the suggestion, elorimer - AB-Solution does a good job of instructing you how to free up an address (192.168.1.2) and installing it there. (Heh...I freed up 9 addresses and tried to install it on 192.168.1.7...... no dice; it wants 192.168.1.2). thelonelycoder, I followed the script...
  20. M

    pixelserv pixelserv - A Better One-pixel Webserver for Adblock

    Thank You jrmwvu04, kvic, and thelonelycoder for the quick, useful replies! I did a fresh install of AB-Solution and tested it - before selecting the AB option of installing pixelserv. Dang.... it blocked images within HTTPS pages quickly and effortlessly (no "lagging" or indication that the...