New to Suricata - handle/understand alerts of my OpenVPN server
Hi,
I'm new to IDS / Suricata and installed it on my pfSense.
At the moment blocking is disabled and I am trying to learn and understand the alerts. I have some OpenVPN servers running and there are a lot of alerts with this IP/ports:
06/07/2017 16:22:58 3 TCP Generic Protocol Command Decode 87.xxx.xxx.xxx 1194 88.xxx.xxx.xxx 47547 1:2210029 SURICATA STREAM ESTABLISHED invalid ack
How do I handle this now? Suppressing my WAN address is not a good idea, because this will disable my complete WAN interface for IDS, right?
Suppressing the src address doesn't make sense to me because these addresses change from time to time. How to handle this?
Thank you very much.