[Oisf-users] I did the installation of suricata as an IPS

mouna amani amani.smiai.insat at gmail.com
Thu Jun 13 18:16:42 UTC 2013


I don't get "destination host unreachable"; ping is working. The IPS is
working in AF_PACKET mode.
But the IPS is not blocking the attacks at all.
I am using the emerging rules that I downloaded from the site.
Why is my IPS not blocking the attacks? That is a very serious issue.



On Thu, Jun 13, 2013 at 6:55 PM, mouna amani <amani.smiai.insat at gmail.com> wrote:

> The AF_PACKET tutorial worked like magic, thanks a lot. You really made
> me happy ;)
>
>
>
> On Thu, Jun 13, 2013 at 1:23 PM, mouna amani <amani.smiai.insat at gmail.com> wrote:
>
>> I did check with iptables -vnL.
>> The queue is empty, meaning that the IPS did not receive any packets.
>> What can be the problem and how can I fix it?
>> host1: 192.168.50.3/24
>> host: 192.168.50.1/24
>> The Host_IPS is between them to inspect the traffic.
>> The Host_IPS interfaces are up and have no IP address.
>> Here is my conf file.
>> What can be the problem and how can I fix it?
>>
>>
>> On Thu, Jun 13, 2013 at 10:30 AM, mouna amani <
>> amani.smiai.insat at gmail.com> wrote:
>>
>>> I used NFQ to use Suricata as an IPS.
>>> I have three machines:
>>> -a host1
>>> -a host2
>>> -an IPS between them
>>>
>>> I followed the steps as on the official website.
>>> I used iptables -I FORWARD -i eth0 -o eth1 -j NFQUEUE
>>> iptables -I FORWARD -i eth1 -o eth0 -j NFQUEUE and I checked with iptables
>>> -vnL
>>>
>>> Then I ran suricata -c /etc/suricata/suricata.conf -q 0
>>> Everything went well. I only got a warning, "no rules to be loaded from
>>> emerging-icmp.rules": I downloaded the file from the web site and it is in the
>>> right place.
>>> I guess it is only a warning; it will not affect the IPS working well?
>>> Then I tried to ping host1 from host2 and I got the error
>>> destination unreachable.
>>> I think the IPS is blocking all the traffic, including the good one.
>>> I configured NFQ to work in accept/drop mode. I think it means that if
>>> the packets are for an attack they will be dropped?
>>> I really need help because this is for my final project.
>>> What did I do wrong and what should I check?
>>>
>>> --
>>> *Amani smiai*
>>>
>>
>>
>>
>> --
>> *Amani smiai*
>>
>
>
>
> --
> *Amani smiai*
>



-- 
*Amani smiai*