Search found 375 matches

by dnl
May 28th, 2019, 9:37 am
Forum: IPFire in General
Topic: Suricata vs Guardian: Loss of IP blocking
Replies: 6
Views: 1383

Re: Suricata vs Guardian: Loss of IP blocking

Well, Michael was somewhat blunt in his response to the ticket. It's a pity because I feel he's overlooking the legitimate value of this feature to some networks. I fully recognise that it is of no use to others, but it was always optional and not on by default. While I didn't intend to raise a disc...
by dnl
May 27th, 2019, 4:34 am
Forum: IPFire in General
Topic: Suricata vs Guardian: Loss of IP blocking
Replies: 6
Views: 1383

Re: Suricata vs Guardian: Loss of IP blocking

I did a quick search of IPFire Bugzilla but couldn't find this. Since we've not had a response from the devs here I'll raise a bug. Hopefully it will be considered seriously.

https://bugzilla.ipfire.org/show_bug.cgi?id=12089
by dnl
May 27th, 2019, 4:11 am
Forum: IPFire in General
Topic: IPS: Who chooses the default enabled rules in a ruleset?
Replies: 6
Views: 1203

Re: IPS: Who chooses the default enabled rules in a ruleset?

I believe that the ruleset provider selects the rules that they consider safe and least likely to trigger false positives, but I'm not a dev here so I'm only guessing. I would hope that as rulesets are updated, that those get passed on to us during automatic updates. Thanks. Yes, I suspect you are c...
by dnl
May 27th, 2019, 4:05 am
Forum: IPFire in General
Topic: Intrusion Prevention System - core 131
Replies: 54
Views: 9383

Re: Intrusion Prevention System - core 131

With the previous Snort IPS, this was possible. I couldn't figure out how to do it with this new system. I'd load the ET rulesets, then when I tried to load the Snort Community rules (it's just one rule and should show up as a single checkbox), it wouldn't appear. Asked early on about this and only...
by dnl
May 21st, 2019, 9:56 am
Forum: IPFire in General
Topic: Suricata vs Guardian: Loss of IP blocking
Replies: 6
Views: 1383

Suricata vs Guardian: Loss of IP blocking

I'm really glad that Suricata has been implemented in IPFire! Unfortunately a major feature has been lost. Before with Guardian the IDS would block an IP which triggered a rule. Now the IPS only blocks the specific traffic which triggered that rule. This is a major loss of functionality. Although i...
by dnl
May 19th, 2019, 5:36 am
Forum: IPFire in General
Topic: Core 131 Suricata status page?
Replies: 5
Views: 714

Re: Core 131 Suricata status page?

Davidvt, I suspect that's a coincidence. Have you had a chance to look later and see if the pattern repeats? Arne, Could you please respond to my previous post when you're able? I didn't realise the change to Suricata would have such a dramatic impact. (I imagine it's switching away from guardian wh...
by dnl
May 19th, 2019, 5:34 am
Forum: IPFire in General
Topic: IPS: Who chooses the default enabled rules in a ruleset?
Replies: 6
Views: 1203

IPS: Who chooses the default enabled rules in a ruleset?

This is a general question and not specific to the (great!) change to Suricata in the latest release. Who selects which rules are enabled by default in a ruleset? Is this from the provider of the ruleset (Emerging Threats and Talos) or IPFire? Do the default rules change over time? So if I enabled t...
by dnl
May 18th, 2019, 12:06 pm
Forum: IPFire in General
Topic: Core 131 with Guardian
Replies: 3
Views: 487

Re: Core 131 with Guardian

It's worth keeping up with the blog: https://blog.ipfire.org/post/ipfire-2-23-core-update-131-released The guardian add-on is no longer required any more for the IDS to work but still provides means against SSH brute-force attacks and brute-force attacks against the IPFire Web UI. On a related note:...
by dnl
May 18th, 2019, 11:58 am
Forum: IPFire in General
Topic: Core 131 Suricata status page?
Replies: 5
Views: 714

Re: Core 131 Suricata status page?

Suricata is not blocking by IP addresses. If traffic matches a rule it will be blocked. In my opinion, that means that a major advantage of the IPS has been lost. I want to block suspicious internet IPs (RED interface) which trigger rules. For example if a port scan rule is triggered, I don't want th...
by dnl
February 9th, 2019, 10:50 am
Forum: IPFire in General
Topic: Newbie needs help with IPFire Security hardening
Replies: 3
Views: 1369

Re: Newbie needs help with IPFire Security hardening

PS: If you have a specific question about hardware, it might be best to write a new thread about it.
by dnl
February 9th, 2019, 10:38 am
Forum: IPFire in General
Topic: Newbie needs help with IPFire Security hardening
Replies: 3
Views: 1369

Re: Newbie needs help with IPFire Security hardening

I followed this manual: https://wiki.ipfire.org/optimization/start/security_hardening # (Many thanks to the Author of the hardening guide: https://forum.ipfire.org/viewtopic.php?f=27&t=15151&start=30 ) Thank you! -I don't use the Intrusion Detection System or URL-Filter because I think my IPFire-Har...
by dnl
December 30th, 2018, 3:19 am
Forum: IPFire in General
Topic: Ipfblocklist (IP Blocklists for IPFire)
Replies: 16
Views: 4156

Re: Ipfblocklist (IP Blocklists for IPFire)

TimF wrote:
December 29th, 2018, 4:34 pm
The plan is to include this functionality into IPFire.
Awesome! 8)
by dnl
December 29th, 2018, 9:10 am
Forum: IPFire in General
Topic: Permanently block external ICMP only [SOLVED]
Replies: 6
Views: 2837

Re: Permanently block external ICMP only [SOLVED]

Updated the wiki page and added a section briefly explaining the -i interface option. https://wiki.ipfire.org/en/optimization/ping/start I was just updating my documentation and it appears in the past year someone has deleted my page of instructions - they're not at the new URL :( https://wiki.ipfi...
by dnl
December 22nd, 2018, 4:20 am
Forum: Development
Topic: Ossec for IPFire
Replies: 45
Views: 14960

Re: Ossec for IPFire

ummeegge wrote:
December 21st, 2018, 5:12 am
yes an agent package is provided.

Did an update to Wazuh 3.7.2 now but it is currently not up. I will build new versions only for 64bit, have dropped 32bit versions.
Thank you. I don't use 32bit Linux any longer.
by dnl
December 20th, 2018, 8:26 am
Forum: Development
Topic: Ossec for IPFire
Replies: 45
Views: 14960

Re: Ossec for IPFire

Hello ummeegge, I'm sorry that I was not clear. You have not understood what I meant. I'm after an agent package for Wazuh for IPFire as I intend to run a master elsewhere. Is that something you have packaged? Also running *any* software is a risk. I have no concerns about Wazuh or the components th...