[Oisf-users] I did the installation of suricata as an IPS

mouna amani amani.smiai.insat at gmail.com
Thu Jun 13 16:55:20 UTC 2013


It worked like magic, the AF_packet tutorial, thanks a lot. You really made
me happy ;)



On Thu, Jun 13, 2013 at 1:23 PM, mouna amani <amani.smiai.insat at gmail.com> wrote:

> I did check with iptables -vnL
> the queue is empty, meaning that the IPS did not receive any packet.
> What can be the problem and how can I fix it???
> host1: 192.168.50.3/24
> host: 192.168.50.1/24
> The Host_IPS is between them to inspect the traffic.
> The Host_IPS interfaces are up and have no IP address.
> Here is my conf file.
> What can be the problem and how can I fix it???
>
>
> On Thu, Jun 13, 2013 at 10:30 AM, mouna amani <amani.smiai.insat at gmail.com> wrote:
>
>> I used NFQ to use Suricata as an IPS.
>> I have three machines:
>> -a host1
>> -a host2
>> -an IPS between them
>>
>> I followed the steps like in the official website.
>> I used iptables -I FORWARD -i eth0 -o eth1 -j NFQUEUE
>> iptables -I FORWARD -i eth1 -o eth0 -j NFQUEUE and I checked with iptables
>> -vnL
>>
>> Then I ran suricata -c /etc/suricata/suricata.conf -q 0
>> Everything went well. I only got a warning "no rules to be loaded from
>> emerging-icmp.rules": I downloaded the file from the web site and it is in the
>> right place.
>> I guess it is only a warning; it will not affect the IPS working well?
>> Then I tried to ping host1 from host2 and I got the error destination
>> unreachable.
>> I think the IPS is blocking all the traffic, including the good one.
>> I configured NFQ to work in accept/drop mode. I think it means that if
>> the packets are for an attack they will be dropped??
>> I really need help because this is for my final project.
>> What did I do wrong and what should I check?
>>
>> --
>> *Amani smiai *
>> *
>> *
>>
>
>
>
> --
> *Amani smiai *
> *
> *
>



-- 
*Amani smiai *
*
*
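
The counter check described in the thread (looking at `iptables -vnL` to see whether the NFQUEUE rules received any packets), written as a script. This is an added example and not part of the original messages; the sample output is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `iptables -vnL FORWARD` output (not taken from the thread).
# One direction has seen traffic, the other has not.
sample_forward_chain() {
cat <<'EOF'
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 NFQUEUE    all  --  eth1   eth0    0.0.0.0/0            0.0.0.0/0            NFQUEUE num 0
   42  3528 NFQUEUE    all  --  eth0   eth1    0.0.0.0/0            0.0.0.0/0            NFQUEUE num 0
EOF
}

# Reads `iptables -vnL` output on stdin and prints one line per NFQUEUE rule:
#   <in-interface> <out-interface> <pkts> <idle|active>
# Columns with -v are: pkts bytes target prot opt in out source destination.
# Without -x, iptables abbreviates large counters with a K/M/G suffix.
nfqueue_rule_status() {
  awk '$3 == "NFQUEUE" && $1 ~ /^[0-9]+[KMG]?$/ {
         state = ($1 == "0") ? "idle" : "active"
         print $6, $7, $1, state
       }'
}

# Exit status: 0 if every NFQUEUE rule has a non-zero packet counter,
#              1 if at least one rule has seen no packets,
#              2 if the input contains no NFQUEUE rule at all.
nfqueue_all_active() {
  nfq_status=$(nfqueue_rule_status)
  [ -n "$nfq_status" ] || return 2
  ! printf '%s\n' "$nfq_status" | grep -q ' idle$'
}

# Demo on the constructed sample; on a live gateway, pipe in
# `iptables -vnL FORWARD` (as root) instead.
sample_forward_chain | nfqueue_rule_status
```

A rule reported as `idle` means no forwarded packet matched it in that direction, so nothing was handed to the queue for that path.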