Netgate Discussion Forum

    New to Suricata - handle/understand alerts of my OpenVPN server

      slu

      Hi,

      I'm new to IDS / Suricata and installed it on my pfSense.
      At the moment blocking is disabled and I'm trying to learn and understand the alerts.

      I have some OpenVPN servers running and there are a lot of alerts with these IPs/ports:

      06/07/2017 16:22:58    3    TCP    Generic Protocol Command Decode    87.xxx.xxx.xxx 1194    88.xxx.xxx.xxx 47547    1:2210029    SURICATA STREAM ESTABLISHED invalid ack
      

      How do I handle this now? Suppressing my WAN address is not a good idea, because this will disable my complete WAN interface for IDS, right?
      Suppressing the src address doesn't make sense to me because these addresses change from time to time.

      How to handle this?

      Thank you very much.

      pfSense Gold subscription
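
A suppress entry in Suricata's threshold.config is keyed on one signature (gen_id and sig_id) plus a tracked address, so it silences that single rule for that address rather than all inspection on the interface. The sketch below is an added example, not part of the original post: it tallies alerts whose local endpoint is the OpenVPN listener and emits a suppress line for each signature that fires repeatedly. The addresses, the `Alert` record, the `suppress_entries` helper and the `min_hits` threshold are assumptions made for illustration.

```python
from collections import Counter
from typing import NamedTuple


class Alert(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    gid: int
    sid: int
    msg: str


# Constructed sample alerts using documentation addresses (not values from the post).
SAMPLE_ALERTS = [
    Alert("192.0.2.10", 1194, "198.51.100.7", 47547, 1, 2210029, "SURICATA STREAM ESTABLISHED invalid ack"),
    Alert("192.0.2.10", 1194, "203.0.113.25", 40112, 1, 2210029, "SURICATA STREAM ESTABLISHED invalid ack"),
    Alert("192.0.2.10", 1194, "198.51.100.90", 33012, 1, 2210029, "SURICATA STREAM ESTABLISHED invalid ack"),
    # Same server address, different service: not counted as OpenVPN noise.
    Alert("192.0.2.10", 443, "198.51.100.7", 50211, 1, 2210029, "SURICATA STREAM ESTABLISHED invalid ack"),
    # One-off alert with a constructed SID: stays below the repeat threshold.
    Alert("203.0.113.25", 40112, "192.0.2.10", 1194, 1, 9000001, "constructed one-off alert"),
]


def suppress_entries(alerts, server_ip, server_port, min_hits=2):
    """Build suppress lines for signatures that repeatedly fire on the given
    server endpoint. The port only selects which signatures qualify: a
    suppress entry matches on address, not port, so each emitted line applies
    to that signature for every port on server_ip."""
    hits = Counter()
    for a in alerts:
        if (a.src_ip, a.src_port) == (server_ip, server_port):
            hits[(a.gid, a.sid, "by_src")] += 1
        elif (a.dst_ip, a.dst_port) == (server_ip, server_port):
            hits[(a.gid, a.sid, "by_dst")] += 1
    return [
        f"suppress gen_id {gid}, sig_id {sid}, track {track}, ip {server_ip}"
        for (gid, sid, track), count in sorted(hits.items())
        if count >= min_hits
    ]


if __name__ == "__main__":
    for line in suppress_entries(SAMPLE_ALERTS, "192.0.2.10", 1194):
        print(line)
```

Tracking the fixed server address keeps the entry valid when the remote client addresses change, and every other signature continues to alert on that address.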

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.