Menu
What's new
By:
Filters Better Search

Suricata Suricata - IDS on AsusWRT Merlin

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Might test a bit more later this weekend.

For now I’m glad I saw a “Drop” (which might be better than the “wDrop”?).
 
I have searched but not really found a clear explanation. Exactly what does the use-mmap: yes do?
 
Let me warn you, Suricata is open source software, but to enjoy the benefits of the community you need to know network protocols. Specific rules and the software already configured are commercialized. I took time adjusting to the rules I have. I currently have a standard that makes it easy.
 
  • Like
Reactions: KW.
rgnldo said:
nmap is network mapping and scanning software.
Click to expand...
I am very familiar with nmap, but not mmap as is used in suricata.
 
Suricata is a very good IPS/IDS but I do not think it is a good fit for our Asus routers. I have finally realized that I have spent way too much time on it, so I have removed it from my router. I wish the best for further endeavors on this project.
 
mike37 said:
.
Ahhh..... so the "drop" should be replaced with "REJECT"; good. Does the rule otherwise seem valid?
Click to expand...
Drop and reject in iptables both stop the packet, but diff in whether anything is sent back to the sending client. Drop does nothing, so the connection appears to timeout. Reject sends back that the packet is being rejected
 
Suricata in IPS mode is dropping Cisco VPN for me :) if running it cant be established
when stopped, the connection is established, so I started Suricata back. after 30 mins it was dropped again.
 
For the second day in a row Suricata suddenly blocks all internet access from my PC to the outside world... (and even to my router)

(without any log, but if I kill Suricata I have access again)
 
XIII said:
For the second day in a row Suricata suddenly blocks all internet access from my PC to the outside world... (and even to my router)

(without any log, but if I kill Suricata I have access again)
Click to expand...
Did you monitor your memory usage? wonder if you're running out of available memory for Suricata to work.
 
Mutzli said:
Did you monitor your memory usage? wonder if you're running out of available memory for Suricata to work.
Click to expand...
No, I did not monitor that.

I did see a log that Suricata crashed (and restarted) around 3:00 though.
 
Little easier to read:
1596927430980.png
 
Smokey613 said:
Suricata is a very good IPS/IDS but I do not think it is a good fit for our Asus routers. I have finally realized that I have spent way too much time on it, so I have removed it from my router. I wish the best for further endeavors on this project.
Click to expand...
in the beginning it is like that. Watching your enthusiasm, you will be back soon. Puzzles are addictive. ;)
 
juched said:
Little easier to read:
View attachment 25280
Click to expand...
I took a look through your github commit and there's room for some performance gains. I'd recommend using d3 to load the csv for chartjs rather than writing it directly to a js file in the shell script for both the chart and table.

You may also wish to use group by for running the sql query rather than looping over it for set intervals.
 
You must log in or register to reply here.

Similar threads

RMerlin
  • Locked
Beta Asuswrt-Merlin 3006.102.1 Beta is now available for WIfi 7 devices
3 4 5
Replies
97
Views
14K
RMerlin
RMerlin
HELLO_wORLD
One mirroring solution for IDS (my approach and solution)
Replies
5
Views
1K
HELLO_wORLD
HELLO_wORLD
garycnew
Entware [SOLUTION] Cross-Compile xxHash Entware Package via Debian Live DVD
Replies
0
Views
2K
garycnew
garycnew
garycnew
Entware [SOLUTION] Cross-Compile ProxyChains-NG Entware Package via Debian Live DVD
2
Replies
22
Views
3K
sfx2000
sfx2000
garycnew
Entware [SOLUTION] Cross-Compile Nyx (Tor Command-Line Monitor) Entware Package via Debian Live DVD
Replies
0
Views
2K
garycnew
garycnew
Similar threads
Thread starter Title Forum Replies Date
thelonelycoder amtm amtm 5.0 - the Asuswrt-Merlin Terminal Menu, November 17, 2024 Asuswrt-Merlin AddOns 61
J Entware Possible to install jdownloader on asuswrt-merlin router with entware?? Asuswrt-Merlin AddOns 9
W Skynet SOLVED: Scrollbar Disappears on Skynet Tab on Asuswrt-Merlin 386.14 Asuswrt-Merlin AddOns 10
thelonelycoder scMerlin scMerlin 2.5.8 - Service and script control menu for Asuswrt-Merlin, October 20, 2024 Asuswrt-Merlin AddOns 85
JGrana uKasa uKasa - A utility script that manages Kasa smart outlets and switches with Asuswrt-Merlin routers Asuswrt-Merlin AddOns 29
JGrana Updated Hue Utility - huetil Control and manage your Hue system from Asuswrt-Merlin or Raspbian Asuswrt-Merlin AddOns 1
8 ASUS RT-AX58U (F/W Ver.:V3.0.0.4.384.8601) with Asuswrt-Merlin 3004.388.5 - Transmission: "Could not connect to the server. You may need to reload" Asuswrt-Merlin AddOns 2

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 905 (members: 14, guests: 891)
Top