[Oisf-users] My Suricata cannot detect penetration in other computer

Davide Setti d.setti at certego.net
Thu Apr 9 06:58:09 UTC 2020


What is your network/interface configuration for suricata (both
suricata.yaml and host interfaces)?

Does your suricata host have a mirror/span port connected (if offline)?

Does the traffic from your kali to targets pass through suricata?

On Thu, 9 Apr 2020 at 01:59, yudhi ardiyanto <
yudhi.ardiyanto at gmail.com> wrote:

> I used HOME_NET with network 10.20.20.0/24. My IDS 10.20.20.174/24 (VM in
> Virtualbox), kali linux 10.20.20.82/24 (VM in Virtualbox) and my computer
> 10.20.20.29.
>
> EXTERNAL_NET = any
>
> If I attack 10.20.20.174 with kali linux 10.20.20.82 ===> Suricata detected
>
> If I attack 10.20.20.29 from kali linux (10.20.20.82) ===> suricata not
> detected
>


-- 
Davide Setti
Security Platform Lead Engineer, Certego