Contact If you want to contact me, you can send me an email on my first name at the domain you are visiting. Socials: Mastodon Github – Suricata related Github – Vuurmuur & misc LinkedIn
Congrats on Suricata.
I am trying to get snort_inline in nfqueue mode working with my traffic shaping using imq, on the same box (before you crucify me, I know it's not the best idea).
All goes well, both start with all their required kernel modules fine, not like the good ol' ip_queue days. However it seems it breaks iptables, did you run into any complications like this?
Hi Kayvan, I have never tried using IMQ with Snort_inline or other NFQUEUE using programs. Does it work without IMQ? I seem to remember reading about IMQ having issues with ip_queue at the time, but my memory is fuzzy on this point.
I am trying to implement an IPS using Snort on solaris 10
Any help on this in the form of manuals, HOWTOs, etc., will be appreciated.
Why have you stopped working on the Vuurmuur project? Aren't you interested in its evolution anymore? Honestly, I find your project very useful indeed and I'd be glad to know if you'll continue working on it at least some more time.
Ilya Egorov (Russia, Moscow)
Ilya, I’ve not abandoned Vuurmuur, development is just very slow. A couple of other guys are helping out as well, but they have limited time as well.
I'm going to integrate Vuurmuur in a new Linux OS called Fortress Linux, since I'm very satisfied with the features of your product.
Fortress Linux uses the Slackware package system (without forking Slackware) and I will contribute to your project when possible.
@Patatinux: cool, your project looks interesting. I do think it looks a bit “closed” though. Can’t find who is behind it, mailinglists don’t seem to have public archives, etc, etc. Makes it hard to see if the project is active and what direction it’s moving in.
Victor: Thank you. Even if it does not seem active, it is really alive, but I have to do it all on my own now since the other two developers left the team a short time after we started the project.
There was a FL release available in the beginning. But I didn't like it and I started all over again with a new and improved concept to attract more users in the future.
The main goal now is to replace a lot of software I wrote myself in the last 15 years (which was included in the first release I mentioned above) with possibly better and more up-to-date software, which will in turn be modified to fit the needs of the Fortress Linux OS. This will save me a lot of time maintaining the whole project including my own software. You know how much time it takes to maintain only the Vuurmuur firewall.
The advanced new website takes some time to create (and to secure it). There is a preview of the new and more advanced Fortress Linux website on http://www.fortresslinux.nl
Anyway, the reason why I respond here again is that I also want to try out Suricata, but I cannot find some extensive details about it. The only thing I do not like are the funders of the Suricata project. Can it be used together with grsecurity?
Vuurmuur is a pretty nice program, though it misses important features of iptables. But it's better than many other web-based and GUI-based firewalls. I have made some changes to the Vuurmuur software which I want to give back to you.
I work on Suricata combined with snort_inline, barnyard2, BASE web interface and nfqueue lib, but I have a little problem with a ".h" file. Do you know where I can find a Suricata forum please?
Thx a lot and good job!
I’m a master student in Networks and Telecommunications and with a colleague we are working on using a GPU to speed up some treatments of Suricata.
We saw that you already worked on this as a first implementation in CUDA, we are also planning to use CUDA for our project.
We are very interested in your work posted here :
Is it possible to have more information about your work? Maybe some guidelines or ideas that could help us?
In addition, if it is possible for you to share some of the CUDA code you used, that could help us a lot to start with.
Thank you in advance,
I’m a security administrator and I’m looking for a way to configure Suricata to only alert when the source or the destination corresponds to a public IP, and not my internal network.
Is there a way to do that?
I am a final year student at University and I am currently doing a project on IPv6 deployment and in particular its security aspect.
I would like to set up a lab at home where I can use IPv6 and test different transition mechanisms to connect to the IPv6 Internet and I would like to find out whether these mechanisms open up holes in security and how Snort can deal with it.
My home uses Windows machines only. Because you have worked with IPv6 and in particular with Snort, is my experiment possible, and could you give me some hints on how to do this or any links that may help me out?
@Ivan I'd suggest setting up a bunch of VMs and installing and setting up the various software packages. Also there are a number of sites with pcaps for all kinds of traffic, including ip6 traffic. Google is your friend 🙂
@Cedric You can do that by setting up the HOME_NET and EXTERNAL_NET vars properly. Please join our oisf-users mailing list if you need more support.
@Daniel CUDA code is in Suricata’s Git tree.
@Guillaume our support uses mailing lists mostly, IRC also works. You'll find it through the OISF site.
Is it possible to have 2 userspace programs working with NFQUEUE, something like Snort and NuFW?
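To make the HOME_NET / EXTERNAL_NET answer above concrete, here is an added example (not code from this page, the commenters, or the Suricata project). In suricata.yaml the variables live under vars: address-groups:, and the relevant choice is between the weak EXTERNAL_NET: "any" and EXTERNAL_NET: "!$HOME_NET". The script below re-implements only the address-group part of rule-header matching in Python and runs three constructed flows through both settings; the HOME_NET ranges, the flow addresses and the ignored ports are assumptions for illustration.

```python
"""Added example: how HOME_NET / EXTERNAL_NET decide whether a rule header
such as '$EXTERNAL_NET any -> $HOME_NET any' can match a flow.  Suricata does
this evaluation itself; this is a stand-alone re-implementation of the
address-group logic so the effect of the two settings is visible."""
import ipaddress

# Assumed internal ranges for HOME_NET (adjust to the real internal space).
HOME_NET = [ipaddress.ip_network(n) for n in
            ("192.168.0.0/16", "10.0.0.0/8", "172.16.0.0/12")]


def in_home_net(ip):
    """True if the address falls inside any HOME_NET prefix."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in HOME_NET)


def resolve(var, external_is_any):
    """Return a predicate for an address-group variable.

    external_is_any=True  models the weak  EXTERNAL_NET: "any"
    external_is_any=False models           EXTERNAL_NET: "!$HOME_NET"
    """
    if var == "$HOME_NET":
        return in_home_net
    if var == "$EXTERNAL_NET":
        if external_is_any:
            return lambda ip: True
        return lambda ip: not in_home_net(ip)
    if var == "any":
        return lambda ip: True
    raise ValueError("unknown address group: %s" % var)


def header_matches(header, src, dst, external_is_any=False):
    """Evaluate the address part of a rule header like
    '$EXTERNAL_NET any -> $HOME_NET any'.  Ports are ignored (assumption:
    only the address groups matter for the question being answered)."""
    src_var, _, direction, dst_var, _ = header.split()
    s = resolve(src_var, external_is_any)
    d = resolve(dst_var, external_is_any)
    if direction == "->":
        return s(src) and d(dst)
    if direction == "<>":
        return (s(src) and d(dst)) or (s(dst) and d(src))
    raise ValueError("unknown direction: %s" % direction)


# Typical rule headers: inbound from outside, and outbound to outside.
RULE_HEADERS = ["$EXTERNAL_NET any -> $HOME_NET any",
                "$HOME_NET any -> $EXTERNAL_NET any"]


def would_alert(src, dst, external_is_any=False):
    """True if any of the rule headers would match this src/dst pair."""
    return any(header_matches(h, src, dst, external_is_any)
               for h in RULE_HEADERS)


# Constructed sample flows (not captured traffic).
FLOWS = [("203.0.113.5", "192.168.1.10"),   # inbound from a public address
         ("192.168.1.10", "198.51.100.7"),  # outbound to a public address
         ("192.168.1.10", "10.0.0.20")]     # purely internal traffic

if __name__ == "__main__":
    for src, dst in FLOWS:
        print("%s -> %s  EXTERNAL_NET=any: %s  EXTERNAL_NET=!$HOME_NET: %s"
              % (src, dst,
                 would_alert(src, dst, external_is_any=True),
                 would_alert(src, dst)))
```

With EXTERNAL_NET set to "any" the internal-to-internal flow still matches the first header, so it alerts; with "!$HOME_NET" both headers require one public endpoint and the internal flow is silent, which is the behaviour Cedric asked for. Note that the negation only works if HOME_NET really lists every internal range: an internal prefix left out of HOME_NET is, by definition, external.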
@Bijoy Technically it is possible, we support a mode like that in Suricata. Whether Snort or NuFW will support it is something you will have to discuss with those projects.
Thanks a lot :-). I'm currently working on a FOSS based UTM device with Proxy, IDS/IPS, Firewall with L7 and VPN features 🙂
If you could, can you send me more details about Suricata's architecture and multithread management?
In particular I don't understand how the detection is parallelized over a multicore system.
Thanks in advance.
Is it possible to pass src, dst IP and port numbers to a Lua script from Suricata rules?
I just want to tell you that the Vuurmuur project is great and I like it so much. But I see that at this time the project is stopped. So I want to know if the project continues or not. Well, because the last version is 0.7 and the next is 0.8, but it has been a long time since the project had updates.
Thank you so much for your great work.
Can you send the meaning of some command lines in the video "suricata 2.0 installation" on YouTube? Thanks