Suricata - IDS on AsusWRT Merlin


Might test a bit more later this weekend.

For now I’m glad I saw a “Drop” (which might be better than the “wDrop”?).
 
I have searched but not really found a clear explanation. Exactly what does the use-mmap: yes do?
 
Let me warn you, Suricata is open source software, but to enjoy the benefits of the community you need to know network protocols. Specific rules and the software already configured are commercialized. I took time adjusting to the rules I have. I currently have a standard that makes it easy.
 
nmap is network mapping and scanning software.
I am very familiar with nmap, but not mmap as is used in suricata.
 
Suricata is a very good IPS/IDS but I do not think it is a good fit for our Asus routers. I have finally realized that I have spent way too much time on it, so I have removed it from my router. I wish the best for further endeavors on this project.
 
Ahhh..... so the "drop" should be replaced with "REJECT"; good. Does the rule otherwise seem valid?
Drop and reject in iptables both stop the packet, but differ in whether anything is sent back to the sending client. Drop does nothing, so the connection appears to time out. Reject sends back that the packet is being rejected.
 
Suricata in IPS mode is dropping Cisco VPN for me :) If it is running, the VPN can't be established;
when it is stopped, the connection is established, so I started Suricata back. After 30 mins it was dropped again.
 
For the second day in a row Suricata suddenly blocks all internet access from my PC to the outside world... (and even to my router)

(without any log, but if I kill Suricata I have access again)
 
Did you monitor your memory usage? I wonder if you're running out of available memory for Suricata to work.
 
No, I did not monitor that.

I did see a log that Suricata crashed (and restarted) around 3:00 though.
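One way to collect the memory numbers asked about above, as an added example and not a script from this thread or from the Suricata-on-Merlin project: it assumes a Linux /proc filesystem and the busybox awk, pidof, date and sleep that AsusWRT-Merlin ships, and it appends one sample per interval to a log file so the samples can be lined up against the time of the crash noted in the Suricata log. MemAvailable is read where the kernel provides it, with a MemFree + Buffers + Cached fallback for older router kernels that lack the field (an assumption about those kernels, not something the thread states).

```shell
#!/bin/sh
# Added example (not from the thread): sample free memory and Suricata's
# resident set size with busybox-compatible tools.
# Assumes a Linux /proc and busybox awk/pidof/date/sleep.

# Kilobytes the kernel believes it can hand out without swapping.
# Falls back to MemFree + Buffers + Cached when MemAvailable is absent.
mem_available_kb() {
    awk '
        /^MemAvailable:/ { avail  = $2 }
        /^MemFree:/      { free   = $2 }
        /^Buffers:/      { buf    = $2 }
        /^Cached:/       { cached = $2 }
        END { if (avail) print avail; else print free + buf + cached }
    ' /proc/meminfo
}

# Resident set size of the first suricata process in kB, or 0 if not running.
suricata_rss_kb() {
    pid=$(pidof suricata 2>/dev/null | awk '{ print $1 }')
    [ -n "$pid" ] || { echo 0; return 0; }
    awk '/^VmRSS:/ { print $2 }' "/proc/$pid/status"
}

# Append "epoch_seconds mem_available_kb suricata_rss_kb" to $1 every $2 seconds.
# Run in the background, e.g.:  monitor_memory /tmp/suricata-mem.log 60 &
monitor_memory() {
    log=${1:-/tmp/suricata-mem.log}
    interval=${2:-60}
    while :; do
        printf '%s %s %s\n' "$(date +%s)" "$(mem_available_kb)" "$(suricata_rss_kb)" >> "$log"
        sleep "$interval"
    done
}
```

Reading the log back with the epoch column converted to local time (`date -d @<epoch>` on busybox) shows whether available memory was already collapsing before the restart in the Suricata log, which is the question the thread leaves open.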
 
Little easier to read: [screenshot attachment]
 
Suricata is a very good IPS/IDS but I do not think it is a good fit for our Asus routers. I have finally realized that I have spent way too much time on it, so I have removed it from my router. I wish the best for further endeavors on this project.
In the beginning it is like that. Watching your enthusiasm, you will be back soon. Puzzles are addictive. ;)
 
I took a look through your github commit and there's room for some performance gains. I'd recommend using d3 to load the csv for chartjs rather than writing it directly to a js file in the shell script for both the chart and table.

You may also wish to use group by for running the sql query rather than looping over it for set intervals.
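An illustration of the GROUP BY suggestion above, added here and not taken from the thread or from the GitHub commit being discussed: a constructed set of Suricata-style alert records (timestamp and signature only, not real traffic) is loaded into an in-memory SQLite table, and the per-interval counts the chart needs come from one aggregate query instead of one COUNT query per interval. The looped variant is included only so the two can be compared; the table name, column names and bucket size are assumptions.

```python
import sqlite3
from datetime import datetime, timezone

BUCKET_SECONDS = 300  # 5-minute chart intervals (assumed, not from the thread)

# Constructed sample alerts in the shape of eve.json "alert" events
# (timestamp + signature). Signature names are made up for the demo.
SAMPLE_ALERTS = [
    ("2020-08-08T21:00:05.000000+0000", "DEMO SCAN inbound port sweep"),
    ("2020-08-08T21:02:40.000000+0000", "DEMO SCAN inbound port sweep"),
    ("2020-08-08T21:04:59.000000+0000", "DEMO POLICY unusual outbound port"),
    ("2020-08-08T21:05:00.000000+0000", "DEMO SCAN inbound port sweep"),
    ("2020-08-08T21:07:30.000000+0000", "DEMO POLICY unusual outbound port"),
    ("2020-08-08T21:12:10.000000+0000", "DEMO MALWARE known bad user-agent"),
    ("2020-08-08T21:31:00.000000+0000", "DEMO SCAN inbound port sweep"),
]


def to_epoch(ts):
    """Parse a Suricata eve timestamp (microseconds + numeric offset) to epoch seconds."""
    return int(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%f%z").timestamp())


def fmt_bucket(epoch):
    return datetime.fromtimestamp(epoch, tz=timezone.utc).strftime("%Y-%m-%d %H:%M")


def load_alerts(conn, alerts):
    # Storing epoch seconds as INTEGER keeps the bucket arithmetic integer-only.
    conn.execute("CREATE TABLE IF NOT EXISTS alerts (ts INTEGER NOT NULL, signature TEXT NOT NULL)")
    conn.executemany(
        "INSERT INTO alerts (ts, signature) VALUES (?, ?)",
        [(to_epoch(ts), sig) for ts, sig in alerts],
    )


def alerts_per_bucket(conn, bucket_seconds=BUCKET_SECONDS):
    """One aggregate query: alerts counted per interval via GROUP BY."""
    sql = """
        SELECT (ts / ?) * ? AS bucket, COUNT(*) AS n
        FROM alerts
        GROUP BY bucket
        ORDER BY bucket
    """
    return [(fmt_bucket(b), n) for b, n in conn.execute(sql, (bucket_seconds, bucket_seconds))]


def alerts_per_bucket_looped(conn, bucket_seconds=BUCKET_SECONDS):
    """The approach being replaced: one COUNT query per interval. Same result, N queries."""
    lo, hi = conn.execute("SELECT MIN(ts), MAX(ts) FROM alerts").fetchone()
    out = []
    start = (lo // bucket_seconds) * bucket_seconds
    while start <= hi:
        (n,) = conn.execute(
            "SELECT COUNT(*) FROM alerts WHERE ts >= ? AND ts < ?",
            (start, start + bucket_seconds),
        ).fetchone()
        if n:  # GROUP BY emits no row for empty intervals, so skip them here too
            out.append((fmt_bucket(start), n))
        start += bucket_seconds
    return out


def top_signatures(conn, limit=3):
    """Signature table for the page, also a single GROUP BY."""
    sql = """
        SELECT signature, COUNT(*) AS n
        FROM alerts
        GROUP BY signature
        ORDER BY n DESC, signature
        LIMIT ?
    """
    return list(conn.execute(sql, (limit,)))


def build_demo():
    conn = sqlite3.connect(":memory:")
    load_alerts(conn, SAMPLE_ALERTS)
    return conn


if __name__ == "__main__":
    conn = build_demo()
    for bucket, n in alerts_per_bucket(conn):
        print(bucket, n)
    print(top_signatures(conn))
```

The output rows are already in the shape a CSV for the chart needs, so they can be written once rather than assembled interval by interval in the shell script.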
 