I'm sorta semi-retired from the Android scene for a few years now (I check in every once in a while to see what new cool things are happening with Android); with just a bit of spare time remaining (work + family), I hack a few things I use on a daily basis (such as AsusWRT and some small open source...
Did you load OpenAppID? My example rule was using OpenAppID to help filtering app specific traffic. Also check my 1st post where I posted my reference snort.lua file and see if you enabled OpenAppID correctly. Also use the Validation Cmdline to make sure all the rule sets are loaded properly.
The rules are loaded in RAM (or cached in RAM), so if you updated the rules, you need to restart snort. Also you need to make sure snort.lua knows where those rules are (if you haven't already pointed to them).
You could probably automate this using a shell script using cron, the only thing...
The issues I had with IPv6 were related to the af_packet implementation of Suricata in IPS mode; I didn't look any further once I realized the bug in IPS mode. So I believe IDS mode is working fine, esp. in pcap mode (which is the default if you followed the guided instructions).
USB 3.0 devices will generate what they call "spread spectrum" noise ranging from 1 GHz all the way up to 7.5 GHz, but its peak, however, is near the 2.4 GHz range, which is right at the 2.4 GHz WiFi bands. It's not just the hub, any 3.0 devices operating in 3.0 mode will "radiate" this...
Drop rules worked fine, just tested it: I added a rule to BLOCK facebook, and when I tried to access facebook.com (it didn't load) I got this from alert_fast.txt.
drop tcp any any -> any any ( msg:"Facebook traffic Seen"; appids:"Facebook"; sid:10000001; )
Here's my local.rules:
drop...
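Since the posts above say the rules are read into RAM (so an edited local.rules does nothing until snort is restarted), that snort.lua has to point at the rules file, and that the validation command line should be run after loading rule sets, here is a small POSIX shell script that ties those steps together so a cron job can call it. It is an added example, not a script from this thread or from the snort3 package: the paths in SNORT_CONF and RULES, the SNORT_RESTART_CMD variable, and the second sample rule are assumptions, and the only rule taken from the thread is the Facebook drop rule.

```shell
#!/bin/sh
# Added example, not the poster's own script. Sanity-checks local.rules,
# then validates the full configuration with `snort -c snort.lua -T`
# before restarting, so a bad rule never takes the IPS down.
# SNORT_CONF, RULES and SNORT_RESTART_CMD are assumptions about your
# setup, not values taken from the thread.
SNORT_CONF="${SNORT_CONF:-/opt/etc/snort/snort.lua}"
RULES="${RULES:-/opt/etc/snort/local.rules}"
SNORT_RESTART_CMD="${SNORT_RESTART_CMD:-echo 'set SNORT_RESTART_CMD to your snort start command'}"

# Write a constructed local.rules: the Facebook drop rule from the thread
# plus one plain alert rule (constructed). Used for the stand-alone demo.
write_sample_rules() {
    cat > "$1" <<'EOF'
# local.rules (constructed sample)
drop tcp any any -> any any ( msg:"Facebook traffic seen"; appids:"Facebook"; sid:10000001; )
alert icmp any any -> any any ( msg:"ICMP echo seen"; sid:10000002; )
EOF
}

# Cheap static check that runs before snort is even invoked: every rule
# line (single-line rules only; backslash continuation lines are not
# handled) must carry a sid, and no sid may appear twice, otherwise snort
# will reject the rule set at start-up.
check_rules_file() {
    f="$1"
    body=$(grep -v '^[[:space:]]*#' "$f" | grep -v '^[[:space:]]*$')
    nrules=$(printf '%s\n' "$body" | grep -c -E '^[[:space:]]*(alert|drop|block|reject|pass)[[:space:]]')
    sids=$(printf '%s\n' "$body" | sed -n 's/.*sid:[[:space:]]*\([0-9][0-9]*\).*/\1/p')
    nsids=$(printf '%s\n' "$sids" | grep -c .)
    if [ "$nrules" -ne "$nsids" ]; then
        echo "check_rules_file: $nrules rules but $nsids sids in $f" >&2
        return 1
    fi
    dups=$(printf '%s\n' "$sids" | sort | uniq -d)
    if [ -n "$dups" ]; then
        echo "check_rules_file: duplicate sid(s) in $f: $dups" >&2
        return 1
    fi
    return 0
}

# Full validation (-T tests the configuration and exits; -q keeps it quiet)
# followed by a restart. -T only sees local.rules if snort.lua includes it,
# which is the "snort.lua knows where those rules are" point from the thread.
reload_snort() {
    check_rules_file "$RULES" || return 1
    if ! snort -c "$SNORT_CONF" -T -q; then
        echo "reload_snort: snort.lua failed validation; leaving the running instance alone" >&2
        return 1
    fi
    killall snort 2>/dev/null
    sh -c "$SNORT_RESTART_CMD"
}

# Stand-alone demo on the constructed file (does not touch a real snort).
demo=$(mktemp)
write_sample_rules "$demo"
check_rules_file "$demo" && echo "$demo: rule set looks sane"
rm -f "$demo"
```

To use it from cron, drop the new rule files in place, then call reload_snort; because the restart only happens after both checks pass, a typo in local.rules leaves the previously loaded rules running instead of taking the IPS down.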
I've had my snort3 running for days; I had to stop and restart last night to check my settings before posting. I didn't have any issues with sudden stoppage. Since I don't have an AX88U, I would monitor the memory usage to make sure it didn't "run out of memory".
Background:
Linux kernel has a...
Thank you to the RT-AX88U users, I have enough system stats. It definitely looks like the RT-AX88U is a CUT ABOVE my RT-AC86U, as I expected. CPU and memory usage all looked much less stressed than mine, awesome!
This is compatible with Skynet (almost everything is, since Skynet uses iptables for blocking and so does not interfere with snort3; though because of the preset blocking rules from Skynet, snort3 won't be looking at all those malicious sites already blocked by Skynet).
What is Snort? It is an open source intrusion prevention system (IPS) capable of real-time traffic analysis and packet logging.
Snort is an open source project under the GNU Public License (GPL) 2.0; it is an open source alternative to some of the proprietary IDS/IPS such as TrendMicro's AiProtect...
Another update to my forked firmware:
https://github.com/faux123/asuswrt-merlin.ng/releases/tag/384.19.0-enh2
BTW, snort3 is working well as IPS, should I release it? Do people want another IPS tool (it will have high load so a fan or an ice box is required and will slow down internet speed...