What's new
By:

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Sparrows Suricata - IDS on AsusWRT Merlin

Jack-Sparr0w

Jack-Sparr0w

Senior Member
whitelisted firewall settings that reflect unbound config

I changed the values for whitelisting vpn and etc. does it look alright

%YAML 1.1
---

# Holds variables that would be used by the engine.
vars:

# Holds the address group vars that would be passed in a Signature.
address-groups:
HOME_NET: "[192.168.50.0/16,10.0.0.0/8,127.0.0.0/8,172.16.0.0/12,169.254.0.0/16]"
EXTERNAL_NET: "any"
DNS_SERVERS: "[103.86.96.100,103.86.99.100]"
SMTP_SERVERS: "$HOME_NET"
HTTP_SERVERS: "$HOME_NET"
SQL_SERVERS: "$HOME_NET"
TELNET_SERVERS: "$HOME_NET"
DNP3_SERVER: "$HOME_NET"
DNP3_CLIENT: "$HOME_NET"
MODBUS_SERVER: "$HOME_NET"
MODBUS_CLIENT: "$HOME_NET"
ENIP_SERVER: "$HOME_NET"
ENIP_CLIENT: "$HOME_NET"
FTP_SERVERS: "$HOME_NET"
SSH_SERVERS: "$HOME_NET"
VPN_IP: "[use vpn public ip add hear!!!!!!! and erase message if used or not used]"

# Holds the port group vars that would be passed in a Signature.
port-groups:
FTP_PORTS: "21"
HTTP_PORTS: "80"
ORACLE_PORTS: "1521"
SSH_PORTS: "29100"
SHELLCODE_PORTS: "!80"
DNP3_PORTS: "20000"
FILE_DATA_PORTS: "$HTTP_PORTS,110,143"
VPN_PORTS: "53,443,1194"
 
It’s probably best to ask in the thread that indicates how to install suricata on your router… I remember someone got it working a number of years ago (pre covid?) on a prior generation of routers, but this would be better on the more capable ones now…

Your sig doesn’t indicate your hardware or current firmware etc…
 
I seemed to recall @rgnldo a number of years ago had a thread about suricata

www.snbforums.com

Suricata - Suricata - IDS on AsusWRT Merlin

Suricata is a free and open source, mature, fast and robust network threat detection engine. The Suricata engine is capable of real time intrusion detection (IDS), inline intrusion prevention (IPS), network security monitoring (NSM) and offline pcap processing. Suricata inspects the network...
www.snbforums.com www.snbforums.com
 
JGrana said:
I seemed to recall @rgnldo a number of years ago had a thread about suricata

www.snbforums.com

Suricata - Suricata - IDS on AsusWRT Merlin

Suricata is a free and open source, mature, fast and robust network threat detection engine. The Suricata engine is capable of real time intrusion detection (IDS), inline intrusion prevention (IPS), network security monitoring (NSM) and offline pcap processing. Suricata inspects the network...
www.snbforums.com www.snbforums.com
Click to expand...
same guide i used just changed the values so it works with all other programs
 
JGrana said:
I seemed to recall @rgnldo a number of years ago had a thread about suricata

www.snbforums.com

Suricata - Suricata - IDS on AsusWRT Merlin

Suricata is a free and open source, mature, fast and robust network threat detection engine. The Suricata engine is capable of real time intrusion detection (IDS), inline intrusion prevention (IPS), network security monitoring (NSM) and offline pcap processing. Suricata inspects the network...
www.snbforums.com www.snbforums.com
Click to expand...
That was it! Thanks for reminding us…
 
You must log in or register to reply here.

Similar threads

M
Suricata 4 on Asuswrt-Merlin
2
Replies
36
Views
12K
rgnldo
rgnldo
Similar threads
Thread starter Title Forum Replies Date
K AX3000v2 cant find lan port ids in cli Asuswrt-Merlin 2

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 1,271 (members: 13, guests: 1,258)
Back
Top