[Oisf-users] Strange behaviour of Suricata

Todor Petkov petkovptodor at gmail.com
Wed Oct 19 10:13:02 UTC 2016


I ran into a strange problem and I would appreciate if anyone can give
a hint what I am doing wrong.

My setup:
VM Centos7, kernel 3.10.0-327.36.2.el7.x86_64, suricata
suricata-3.1.2-1.el7.x86_64 (both installed from packages)
iptables-save -t filter -> http://pastebin.com/79VjZK09
suricata.yaml -> http://pastebin.com/ag0D2T8K
/etc/sysconfig/suricata -> OPTIONS="-q 0 -v -v -v"

When I run Suricata in IPS mode, SSH/SMTP connections to the server are
being blocked. Running "nc SERVER 25 (or 22)" says connected, but no
banner comes out. The old ssh connection is working, because it's in
If I stop suricata while nc is connected, the smtp banner goes out in
the session.
udp/53 is working fine - I can run nslookup on the server.

I cannot find anything in the logs which says what causes this block/drop.

What am I doing wrong?
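Two checks a reader in this situation would want before digging into the rules themselves, added here as an example that is not part of the original post and not Suricata's or the OISF project's own code: whether any process is actually bound to the NFQUEUE number that `-q 0` names (per the iptables-extensions manual, the kernel drops packets sent to a queue nobody is listening on unless the rule carries `--queue-bypass`), whether the kernel or the verdict path has been discarding queued packets, and which chains send traffic to the queue at all. The script assumes the column layout of /proc/net/netfilter/nfnetlink_queue from the kernel's nfnetlink_queue.c; the /proc line and the iptables-save dump embedded in it are constructed for offline use and are not the poster's pastebins.

```shell
#!/bin/sh
# Diagnostic helpers for a host running Suricata in NFQUEUE IPS mode (-q N).
# Added example code, not from the original post or the Suricata project.
# Sample inputs below are CONSTRUCTED; on a live host call the functions
# without a file argument (or pipe "iptables-save" into nfq_rules).

# nfq_status QUEUE_NUM [FILE]
# Reads /proc/net/netfilter/nfnetlink_queue, whose columns are
#   queue_num peer_portid queue_total copy_mode copy_range
#   queue_dropped queue_user_dropped id_sequence 1
# and prints one word:
#   missing  : no queue with that number exists, i.e. no process has bound it;
#              packets hitting a rule for it are dropped by the kernel unless the
#              rule has --queue-bypass
#   dropping : the kernel (queue_dropped) or the verdict path (queue_user_dropped)
#              has discarded packets since the queue was bound
#   ok       : bound, no drops recorded (queue_total = packets awaiting a verdict)
nfq_status() {
    q="$1"
    f="${2:-/proc/net/netfilter/nfnetlink_queue}"
    [ -r "$f" ] || { echo missing; return 1; }
    awk -v q="$q" '
        $1 == q { found = 1; kdrop = $6; udrop = $7 }
        END {
            if (!found)                 { print "missing";  exit 1 }
            if (kdrop > 0 || udrop > 0) { print "dropping"; exit 3 }
            print "ok"
        }' "$f"
}

# nfq_rules [FILE]
# Reads iptables-save output (no argument = stdin). Prints every NFQUEUE rule
# tagged "bypass" or "NO-BYPASS", then one line per chain that queues packets,
# so you can see whether both directions of a connection reach Suricata.
# Returns 1 if any NFQUEUE rule lacks --queue-bypass.
nfq_rules() {
    awk '
        /-j NFQUEUE/ {
            chain = $2                       # "-A CHAIN ..." -> CHAIN
            seen[chain] = 1
            if ($0 ~ /--queue-bypass/) print "bypass    " $0
            else { print "NO-BYPASS " $0; bad = 1 }
        }
        END {
            for (c in seen) printf "chain %s queues packets\n", c
            exit bad ? 1 : 0
        }' "${1:--}"
}

# --- constructed sample data (not the poster's configuration) -----------------
SAMPLE_NFQ=$(mktemp); SAMPLE_RULES=$(mktemp)
trap 'rm -f "$SAMPLE_NFQ" "$SAMPLE_RULES"' EXIT

# queue 0 bound by netlink portid 1234, 17 packets awaiting a verdict,
# 0 kernel-side drops, 42 drops in the verdict path
printf '%s\n' '    0   1234    17 2 65535     0    42     9001  1' > "$SAMPLE_NFQ"

# minimal host ruleset: established traffic accepted before queueing, new
# tcp/22,25 queued without bypass, OUTPUT queued with bypass
cat > "$SAMPLE_RULES" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 22,25 -j NFQUEUE --queue-num 0
-A OUTPUT -j NFQUEUE --queue-num 0 --queue-bypass
COMMIT
EOF

# Run both checks against the samples; on a real box drop the file arguments.
nfq_demo() {
    printf 'queue 0 status: %s\n' "$(nfq_status 0 "$SAMPLE_NFQ")"
    nfq_rules "$SAMPLE_RULES"
}
nfq_demo || true
```

Against the constructed sample the queue status comes back as "dropping" (42 packets lost in the verdict path) and the rule listing flags the INPUT rule as NO-BYPASS, which is the combination where a stalled or crashed verdict path silently eats new connections while established ones, accepted earlier in the chain, keep working.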


