Search found 294 matches

by axel2078
March 5th, 2013, 5:51 pm
Forum: Development
Topic: IDS Not Working after core 66 update
Replies: 17
Views: 5026

Re: IDS Not Working after core 66 update

I'm not sure who that question was addressed to, but I did manually pull down a new rule set after upgrading to core 66.
by axel2078
March 5th, 2013, 4:03 pm
Forum: Development
Topic: Packet logging bug
Replies: 15
Views: 4135

Re: Packet logging bug

Which directives are added to snort.conf? Maybe, IPFire users and developpers can see whether they are necessary. BTW: Could you post a link to the smoothwall discussion, please? It is easy to look at the problem directly. The lines specifically mentioned were these: include $PREPROC_RULE_PATH/prep...
by axel2078
March 5th, 2013, 4:00 pm
Forum: Development
Topic: IDS Not Working after core 66 update
Replies: 17
Views: 5026

Re: IDS Not Working after core 66 update

Yes. I've had this problem since core 65. You aren't alone. It seems that this version of snort doesn't log as much as other versions. I'm not sure why. I recently voiced my concerns on this based on what I saw when I was running Smoothwall on the same hardware since the IDS logs always had entries ...
by axel2078
March 2nd, 2013, 10:19 pm
Forum: Development
Topic: Packet logging bug
Replies: 15
Views: 4135

Re: Packet logging bug

"Commented out" == "Non existent" for snort when reading snort.conf. True, but in Smoothwall's case, the problem was caused because those lines were non-existent (commented out) and wouldn't work right until the comment symbols were removed. In IPfire, those lines are missing al...
by axel2078
March 2nd, 2013, 9:36 pm
Forum: Development
Topic: Packet logging bug
Replies: 15
Views: 4135

Re: Packet logging bug

BeBiMa wrote:Have you verified this?
From the forums you should know the lines.


I did check and the snort.conf file that Smoothwall uses is a bit different than the one that Ipfire uses.  The lines that were commented out in Smoothwall's snort.conf file weren't even present in IPfire's snort.conf file.
by axel2078
March 2nd, 2013, 8:11 pm
Forum: Development
Topic: Packet logging bug
Replies: 15
Views: 4135

Re: Packet logging bug

I was browsing the Smoothwall forums yesterday and noticed a few posts about this exact same thing.  Several users were reporting that snort was no longer logging on their Smoothwall systems.  The cause was the snort.conf file.  It seems that an update of snort brought with it a new s...
by axel2078
February 25th, 2013, 3:05 pm
Forum: Development
Topic: Packet logging bug
Replies: 15
Views: 4135

Re: Packet logging bug

First: the report shows that yout system is secure. IPFire doesn't respond to the ports. This is identical to a non existent system with this IP. Doesn't make sense for a possible intruder to try further more. Isn't that a goal of a firewall? Second: Maybe most of the scans are detected by NEWNOTSY...
by axel2078
February 25th, 2013, 2:42 am
Forum: Development
Topic: Packet logging bug
Replies: 15
Views: 4135

Re: Packet logging bug

Yep, I experienced this when I installed 2.11 and am still experiencing this after upgrading to 2.13. This needs to be fixed. What's the point of having an IDS system if it can't accurately show you what it's doing?
by axel2078
February 22nd, 2013, 9:33 pm
Forum: Installation
Topic: Everybody surfing
Replies: 7
Views: 2080

Re: Everybody surfing

Hi, thanks for answer. I don't want to use transparent because, squid doesn't manage or block https properly... I have some users in the lan that use ultrasurf to bypass the proxy and need to stop them doing that. that's why i need to use non transparent mode. Best regards Can't you select the &quo...
by axel2078
February 21st, 2013, 3:48 pm
Forum: IPFire in General
Topic: noticing lots of errors since upgradae to 2.13
Replies: 3
Views: 883

Re: noticing lots of errors since upgradae to 2.13

The clamav messages are normal. The not found kernel modules are because the 2.6.32 kernel is still running after the update but the modules are already removed. After rebooting into 3.2.38 this messages should vanish. So all of this messages are normal while the update... I'm not quite sure I unde...
by axel2078
February 21st, 2013, 5:01 am
Forum: IPFire in General
Topic: noticing lots of errors since upgradae to 2.13
Replies: 3
Views: 883

noticing lots of errors since upgradae to 2.13

I've noticed lots errors in the logs since I upgraded to 2.13 last night. Is anyone else seeing this? ClamAV **Unmatched Entries** Not loading PUA signatures. Bytecode: Security mode set to "TrustSigned". LOCAL: Unix socket file /var/run/clamav/clamd LOCAL: Setting connection queue length ...
by axel2078
February 21st, 2013, 4:50 am
Forum: Development
Topic: DHCP error (duplicated entries)
Replies: 8
Views: 5612

Re: DHCP error (duplicated entries)

I see the same thing on mine even though I use DHCP reservations with a range of IPs that is outside the DHCP scope.
by axel2078
February 20th, 2013, 5:03 am
Forum: IPFire in General
Topic: [SOLVED] no IDS logs??
Replies: 30
Views: 7904

Re: no IDS logs??

Update: I just added the scan rules to snort and then I went to the Shield's Up website and had it do a port scan on my IP. I looked in the IDS logs and it had logged NOTHING. How can this be? Why would it not log port scan attempts?
by axel2078
February 19th, 2013, 8:57 pm
Forum: Development
Topic: [Request] email notification system
Replies: 2
Views: 1233

Re: [Request] email notification system

Maybe I'm not understanding you or maybe I didn't explain what I was looking for very well. I'm not really looking to create my own mail server. All I want to do is to be able to send an email from IPfire to a gmail address when a certain threshold is reached, which I guess would have to be scripted...
by axel2078
February 19th, 2013, 6:48 pm
Forum: Development
Topic: [Request] email notification system
Replies: 2
Views: 1233

[Request] email notification system

It would  be really nice if the system had a built-in, configurable mail notification system that could send emails to an address you define for parameters you define, such as SMART errors, disk usage alerts, scheduled jobs completed, etc.