    ISC DShield & pfSense

    Tleary:

      I am reading "Cyberattack, Cybercrime, Cyberware" by Mark Osborne. There is a section that talks about ISC and ISPs using home routers as a distributed IDS collecting and feeding information back to a C2. I was wondering if anyone knows if pfSense has some sort of participation in something like this.

      Here is the excerpt.

      Storm Center
      The Internet Storm Center (ISC) is run by the SANS Institute and was formed in 2001
      following SANS’s work on the “Lion Worm.” Today, the ISC provides a free analysis and
      warning service to thousands of Internet users and organizations, and it is actively working
      with Internet Service Providers to fight back against the most malicious attackers. The ISC
      relies on an all-volunteer effort to detect problems and disseminate information to the
      general public.
      DShield builds on thousands of firewalls and home broadband devices to constantly
      collect information about unwanted traffic arriving from the Internet and hitting a deny
      rule. The logs generated from these devices are sucked into DSHIELD.
      DShield turns these fairly dumb devices into a large network of distributed sensors
      (distributed IDS). Additionally, ISC provides analysts to process these feeds into
      conclusions that can be sent back to the community.

      johnpoz (LAYER 8 Global Moderator):

        There is a script you can run…

        https://forum.pfsense.org/index.php?topic=138717.0

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        2440 2.4.5p1 | 2x 3100 2.4.4p3 | 2x 3100 22.01 | 4860 22.01

        Tleary:

          I got it all set up and thought I would share for people down the line.
          Download dshield.php and dshield.sample from: https://github.com/jullrich/dshieldpfsense
          Create an account at: https://www.dshield.org/
          Edit dshield.sample with your dshield.org information and rename it to dshield.ini.
          Transfer the php and ini to a directory on your pfSense; connect with PuTTY.
          Make sure you enable SSH in the GUI.
          Transfer:
          pscp dshield.php dshield.ini admin@192.168.1.1:/root/bin/
          Make the script executable:
          chmod +x /root/bin/dshield.php
          In the pfSense GUI set up email notifications.
          Then run crontab -e and add the line:
          11,41 * * * * /root/bin/dshield.php

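The dshield.php script in the steps above reads the firewall's block log and reports the entries to dshield.org. The following is an added example, not the script from the thread and not part of the original posts: it shows the core of that transformation in Python, parsing pfSense filterlog syslog lines, keeping only inbound blocks on the WAN interface, aggregating identical hits, and rendering them in the tab-separated DShield log format. Everything it relies on is an assumption rather than something the thread states: the pfSense 2.2+ filterlog CSV field order for IPv4 TCP/UDP, the DShield submission line layout (date, user ID, count, source, source port, target, target port, protocol, flags), a WAN interface named igb0, a made-up user ID 12345, and constructed log lines with documentation addresses only.

```python
"""Turn pfSense filterlog 'block' entries into DShield submission lines.

Added example for the thread above; it is not jullrich's dshield.php.
Assumptions (not taken from the page): pfSense 2.2+ filterlog CSV field
order for IPv4 TCP/UDP, the DShield tab-separated log format as documented
at dshield.org, WAN interface 'igb0', and a made-up DShield user ID.
"""
import re
from collections import Counter
from datetime import datetime

# Syslog prefix written by pfSense: "<Mon> <day> <HH:MM:SS> <host> filterlog: <csv>"
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ filterlog(?:\[\d+\])?: (?P<csv>.*)$"
)

# Constructed sample lines (documentation addresses, no real traffic).
# Lines 1 and 2 are an identical retransmitted SYN; line 4 is an outbound block on the
# LAN side (must not be reported); line 5 is IPv6; line 6 was passed, not blocked.
SAMPLE_LOG = """\
Mar  3 10:15:01 pfSense filterlog: 5,,,1000000103,igb0,match,block,in,4,0x0,,64,0,0,DF,6,tcp,60,203.0.113.5,198.51.100.10,51234,22,0,S,123456789,,65535,,mss
Mar  3 10:15:01 pfSense filterlog: 5,,,1000000103,igb0,match,block,in,4,0x0,,64,0,0,DF,6,tcp,60,203.0.113.5,198.51.100.10,51234,22,0,S,123456789,,65535,,mss
Mar  3 10:15:03 pfSense filterlog: 5,,,1000000103,igb0,match,block,in,4,0x0,,117,0,0,none,17,udp,78,203.0.113.77,198.51.100.10,40000,5060,58
Mar  3 10:15:04 pfSense filterlog: 9,,,1000000105,igb1,match,block,out,4,0x0,,64,0,0,DF,6,tcp,60,192.168.1.20,192.0.2.53,55555,853,0,S,1,,65535,,mss
Mar  3 10:15:05 pfSense filterlog: 5,,,1000000103,igb0,match,block,in,6,0x00,0,64,tcp,6,40,2001:db8::1,2001:db8::2,40001,22,0,S
Mar  3 10:15:06 pfSense filterlog: 11,,,1000000107,igb0,match,pass,in,4,0x0,,64,0,0,DF,6,tcp,60,203.0.113.9,198.51.100.10,44444,443,0,S,2,,65535,,mss
"""


def parse_filterlog(line, wan_if):
    """Return a dict for an IPv4 TCP/UDP packet blocked inbound on wan_if, else None."""
    m = SYSLOG_RE.match(line.strip())
    if not m:
        return None
    f = m.group("csv").split(",")
    if len(f) < 9:
        return None
    # Field order (pfSense 2.2+ filterlog, 0-based): 4=interface 6=action 7=direction 8=ip-version
    if f[4] != wan_if or f[6] != "block" or f[7] != "in":
        return None  # outbound or passed traffic is not "unwanted traffic hitting a deny rule"
    if f[8] != "4":
        return None  # IPv6 entries use a different field layout; not handled in this example
    # IPv4 layout continues: 16=proto name, 18=src, 19=dst, 20=sport, 21=dport, 23=tcp flags
    if len(f) < 22 or f[16] not in ("tcp", "udp"):
        return None  # ICMP and other protocols carry no port pair; skipped here
    flags = f[23] if f[16] == "tcp" and len(f) > 23 else ""
    return {"ts": m.group("ts"), "src": f[18], "sport": f[20],
            "dst": f[19], "dport": f[21], "proto": f[16].upper(), "flags": flags}


def convert(log_text, wan_if="igb0", user_id="12345", year=2023, tz="+00:00"):
    """Aggregate identical hits and render DShield lines:
    date<TAB>userid<TAB>count<TAB>src<TAB>sport<TAB>dst<TAB>dport<TAB>proto<TAB>flags
    Syslog timestamps carry neither year nor zone, so both are supplied by the caller."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_filterlog(line, wan_if)
        if rec:
            hits[tuple(rec.values())] += 1  # identical (time, 5-tuple, flags) lines are counted
    out = []
    for (ts, src, sport, dst, dport, proto, flags), count in hits.items():
        when = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")
        date = when.strftime("%Y-%m-%d %H:%M:%S") + " " + tz
        out.append("\t".join([date, user_id, str(count), src, sport, dst, dport, proto, flags]))
    return out


if __name__ == "__main__":
    for submission in convert(SAMPLE_LOG):
        print(submission)
```

Run directly, it prints two submission lines from the six sample entries: the two identical SYNs collapse into one record with count 2, the UDP hit stays at count 1, and the outbound, IPv6 and passed entries are dropped. Two practical points follow from the filtering: whatever actually submits the data needs the dshield.org credentials from dshield.ini, so keep that file readable by root only; and filter on the WAN interface and the inbound direction as above, or you will report your own LAN clients' blocked outbound traffic to DShield as if it were attacks against you.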
          johnpoz (LAYER 8 Global Moderator):

            Thanks!  I used to run this, but had yet to get it moved over to the sg-4860 once I switched to that from my vm setup.

            The summary emails from dshield were nice to get.  I will have to set this back up soon.
