[Oisf-users] I did the installation of suricata as an IPS

mouna amani amani.smiai.insat at gmail.com
Thu Jun 13 18:30:52 UTC 2013


and I am using copy-mode: ips,
so I should see packets being dropped, but all attacks are successful??



On Thu, Jun 13, 2013 at 8:16 PM, mouna amani <amani.smiai.insat at gmail.com>wrote:

> I don't get destination host unreachable; ping is working. The IPS is
> working in AF_PACKET mode,
> but the IPS is not blocking the attacks at all.
> I am using emerging-rules that I downloaded from the site.
> Why is my IPS not blocking the attacks??? That is a very serious issue.
>
>
>
> On Thu, Jun 13, 2013 at 6:55 PM, mouna amani <amani.smiai.insat at gmail.com>wrote:
>
>> The AF_PACKET tutorial worked like magic, thanks a lot. You really made
>> me happy ;)
>>
>>
>>
>> On Thu, Jun 13, 2013 at 1:23 PM, mouna amani <amani.smiai.insat at gmail.com> wrote:
>>
>>> I did check with iptables -vnL;
>>> the queue is empty, meaning that the IPS did not receive any packet.
>>> What can be the problem and how can I fix it???
>>> host1: 192.168.50.3/24
>>> host: 192.168.50.1/24
>>> the Host_IPS is between them to inspect the traffic
>>> the Host_IPS interfaces are up and with no IP address
>>> here is my conf file
>>> What can be the problem and how can I fix it???
>>>
>>>
>>> On Thu, Jun 13, 2013 at 10:30 AM, mouna amani <amani.smiai.insat at gmail.com> wrote:
>>>
>>>> I used NFQ to use Suricata as an IPS.
>>>> I have three machines:
>>>> - a host1
>>>> - a host2
>>>> - an IPS between them
>>>>
>>>> I followed the steps like in the official website.
>>>> I used iptables -I FORWARD -i eth0 -o eth1 -j NFQUEUE
>>>> iptables -I FORWARD -i eth1 -o eth0 -j NFQUEUE and I checked with
>>>> iptables -vnL
>>>>
>>>> Then I ran suricata -c /etc/suricata/suricata.conf -q 0
>>>> Everything went well. I only got a warning "no rules to be loaded from
>>>> emerging-icmp.rules": I downloaded the file from the web site and it is in the
>>>> right place.
>>>> I guess it is only a warning; it will not affect the IPS working well?
>>>> Then I tried to ping host1 from host2 and I got the error
>>>> destination unreachable.
>>>> I think the IPS is blocking all the traffic, including the good ones.
>>>> I configured NFQ to work in accept/drop mode. I think it means that if
>>>> the packets are for an attack they will be dropped??
>>>> I really need help because this is for my final project.
>>>> What did I do wrong and what should I check?
>>>>
>>>> --
>>>> Amani smiai
>>>>
>>>
>>>
>>>
>>> --
>>> Amani smiai
>>>
>>
>>
>>
>> --
>> Amani smiai
>>
>
>
>
> --
> Amani smiai
>



-- 
Amani smiai
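Added example for this thread, not code from the poster or from the Suricata project. The point it illustrates: in either NFQ accept/drop mode or AF_PACKET copy-mode ips, Suricata only drops packets matched by signatures whose action is `drop`; signatures with the `alert` action are logged and the packet is passed on. The Emerging Threats rules are distributed with `alert`, so an IPS loaded with them unchanged inspects and alerts but blocks nothing. The script below counts enabled signatures per action in a rules file and writes a copy with the enabled `alert` signatures rewritten to `drop`, optionally limited to a set of sids. The function names, the regexes and `SAMPLE_RULES` are constructed for this illustration; the sids in the 9000000 range are local test values, not real ET signatures.

```python
"""Report the action mix of a Suricata rules file and rewrite alert -> drop.

Added example for the oisf-users thread above; not Suricata project code.
Function names, regexes and SAMPLE_RULES are constructed for illustration.
"""
import re
import sys
from collections import Counter

# Actions Suricata accepts at the start of a signature line.
ACTIONS = ("alert", "drop", "pass", "reject", "rejectsrc", "rejectdst", "rejectboth")
RULE_RE = re.compile(r"^(?P<action>" + "|".join(ACTIONS) + r")\s+(?P<rest>\S.*)$")
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")

# Constructed sample rules (not from the ET ruleset). One disabled rule, one
# pass rule and one rule already set to drop are included on purpose so the
# conversion can be checked to leave them alone.
SAMPLE_RULES = """\
# constructed sample rules file for the example
alert icmp any any -> $HOME_NET any (msg:"SAMPLE ICMP echo request"; itype:8; sid:9000001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"SAMPLE SSH connection attempt"; flags:S; sid:9000002; rev:1;)
# alert tcp any any -> any any (msg:"SAMPLE disabled signature"; sid:9000003; rev:1;)
drop tcp $EXTERNAL_NET any -> $HOME_NET 23 (msg:"SAMPLE telnet blocked"; sid:9000004; rev:1;)
pass ip 192.168.50.1 any -> any any (msg:"SAMPLE trusted host"; sid:9000005; rev:1;)
"""


def extract_sid(line):
    """Return the sid of a signature line as an int, or None if absent."""
    m = SID_RE.search(line)
    return int(m.group(1)) if m else None


def count_actions(rules_text):
    """Count enabled (uncommented) signatures per action, e.g. {'alert': 2, 'drop': 1}."""
    counts = Counter()
    for raw in rules_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or disabled (commented-out) signature
        m = RULE_RE.match(line)
        if m:
            counts[m.group("action")] += 1
    return dict(counts)


def convert_alert_to_drop(rules_text, only_sids=None):
    """Return a copy of the rules text with enabled alert signatures set to drop.

    Disabled (commented) signatures and non-alert actions are left untouched.
    If only_sids is given, only alert signatures with those sids are converted,
    which lets an operator enforce a reviewed subset instead of everything.
    """
    out = []
    for raw in rules_text.splitlines():
        m = RULE_RE.match(raw.lstrip())
        if m and m.group("action") == "alert":
            sid = extract_sid(raw)
            if only_sids is None or sid in only_sids:
                raw = "drop " + m.group("rest")
        out.append(raw)
    return "\n".join(out) + "\n"


def main(path=None):
    """Print the action mix before and after conversion for a file (or the sample)."""
    text = open(path).read() if path else SAMPLE_RULES
    print("before:", count_actions(text))
    print("after :", count_actions(convert_alert_to_drop(text)))


if __name__ == "__main__":
    main(sys.argv[1] if len(sys.argv) > 1 else None)
```

Run it against a downloaded rules file (`python3 rules_actions.py /etc/suricata/rules/emerging-icmp.rules`, hypothetical path) to see how many signatures would actually drop; a result with no `drop` entries explains successful attacks alongside a working inline setup. Converting everything to `drop` is a blunt choice for a lab; in production, convert only signatures whose false-positive rate has been reviewed, which is what the `only_sids` parameter is for.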