New at Suricata - handle/understand alerts of my OpenVPN server



  • Hi,

    I'm new to IDS / Suricata and installed it on my pfSense.
    At the moment blocking is disabled and I try to learn and understand the alerts.

    I have some OpenVPN servers running and there are a lot of alerts with these IPs/ports:

    06/07/2017
    16:22:58 	3 	TCP 	Generic Protocol Command Decode 
    87.xxx.xxx.xxx 1194
    88.xxx.xxx.xxx 47547
    1:2210029
    SURICATA STREAM ESTABLISHED invalid ack
    

    How to handle this now? Suppressing my WAN address is not a good idea, because this will disable my complete WAN interface for IDS, right?
    Suppressing the src address doesn't make sense to me because these addresses change from time to time.

    How to handle this?

    Thank you very much.
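As an added illustration (not part of the original post), this is what the two suppression options discussed above look like in Suricata's threshold.config syntax, using the generator/signature id 1:2210029 from the alert and the WAN address as a placeholder. A suppress entry is scoped to the sig_id it names, so tracking by_dst on the WAN address silences only this stream event for traffic to that address, not the whole interface; the threshold form keeps one alert per hour per destination instead of silencing it entirely.

```conf
# Option A: silence SID 2210029 only for traffic whose destination is the
# OpenVPN server's WAN address (placeholder from the post). Other rules on
# the WAN interface are unaffected because suppress is per sig_id.
suppress gen_id 1, sig_id 2210029, track by_dst, ip 87.xxx.xxx.xxx

# Option B: instead of silencing, rate-limit the event so it is logged at
# most once per hour per destination address; useful while still learning
# what the stream engine is seeing on the VPN port.
threshold gen_id 1, sig_id 2210029, type limit, track by_dst, count 1, seconds 3600
```

Tracking by_dst matches the server side of the connection, which stays constant, so the changing client (src) addresses mentioned above do not matter for either entry.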

