Re: [pfSense] add Blocking in suricata just for some IPs
That was just an example of what I can see in Kibana with Suricata; I see a lot more things in my dashboard ;) for example compromised websites and so on.

> On 21.06.2016 at 00:17, Steve Yates wrote:
>
> pfBlockerNG blocks by country, which is what your image showed.
>
> One caveat to country blocking is Microsoft has started using IPv4 blocks
> allocated to it in other countries for its Azure service, since they ran out.
>
> --
> Steve Yates
> ITS, Inc.
>
> -----Original Message-----
> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Daniel Eschner
> Sent: Monday, June 20, 2016 4:41 PM
> To: pfSense Support and Discussion Mailing List
> Subject: Re: [pfSense] add Blocking in suricata just for some IPs
>
> Is pfblocker an L7 IDS/IPS protection?
>
>> On 20.06.2016 at 22:26, Ducky BUNG wrote:
>>
>> Use the pfblocker package for this.
>>
>> On 06/20/2016 08:27 PM, Daniel Eschner wrote:
>>> Hi to everyone,
>>>
>>> is it possible to add blocking mode just to some IPs from a /24 network?
>>> I want to run that in test mode to see how many false positives I will see ;)
>>>
>>> Cheers
>>>
>>> Daniel
>>
>> --
>> Markets can remain irrational longer than you can remain solvent.
>>
>> — John Maynard Keynes

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] add Blocking in suricata just for some IPs
pfBlockerNG blocks by country, which is what your image showed.

One caveat to country blocking is Microsoft has started using IPv4 blocks allocated to it in other countries for its Azure service, since they ran out.

--
Steve Yates
ITS, Inc.

-----Original Message-----
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Daniel Eschner
Sent: Monday, June 20, 2016 4:41 PM
To: pfSense Support and Discussion Mailing List
Subject: Re: [pfSense] add Blocking in suricata just for some IPs

Is pfblocker an L7 IDS/IPS protection?

> On 20.06.2016 at 22:26, Ducky BUNG wrote:
>
> Use the pfblocker package for this.
>
> On 06/20/2016 08:27 PM, Daniel Eschner wrote:
>> Hi to everyone,
>>
>> is it possible to add blocking mode just to some IPs from a /24 network?
>> I want to run that in test mode to see how many false positives I will see ;)
>>
>> Cheers
>>
>> Daniel
>
> --
> Markets can remain irrational longer than you can remain solvent.
>
> — John Maynard Keynes
Re: [pfSense] add Blocking in suricata just for some IPs
Is pfblocker an L7 IDS/IPS protection?

> On 20.06.2016 at 22:26, Ducky BUNG wrote:
>
> Use the pfblocker package for this.
>
> On 06/20/2016 08:27 PM, Daniel Eschner wrote:
>> Hi to everyone,
>>
>> is it possible to add blocking mode just to some IPs from a /24 network?
>> I want to run that in test mode to see how many false positives I will see ;)
>>
>> Cheers
>>
>> Daniel
>
> --
> Markets can remain irrational longer than you can remain solvent.
>
> — John Maynard Keynes
Re: [pfSense] add Blocking in suricata just for some IPs
Use the pfblocker package for this.

On 06/20/2016 08:27 PM, Daniel Eschner wrote:
> Hi to everyone,
>
> is it possible to add blocking mode just to some IPs from a /24 network?
> I want to run that in test mode to see how many false positives I will see ;)
>
> Cheers
>
> Daniel

--
Markets can remain irrational longer than you can remain solvent.

— John Maynard Keynes
Re: [pfSense] add Blocking in suricata just for some IPs
And this way shouldn't work because I want the source to get blocked. Pass lists are only for source IPs. So I wouldn't like to block my own network ;)

Let's say that Suricata just checks the traffic for several IPs from a network. I am sure I saw such a kind of configuration.

> On 20.06.2016 at 20:31, Steve Yates wrote:
>
> You should be able to go the other direction and set up a pass list
> that allows everything but these IPs. Remember to add the pass list to the
> interface though.
>
> However, if you just enable the alerting and select to not automatically
> block the bad traffic, that may be easier.
>
> --
> Steve Yates
> ITS, Inc.
>
> -----Original Message-----
> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Daniel Eschner
> Sent: Monday, June 20, 2016 1:28 PM
> To: pfSense Support and Discussion Mailing List
> Subject: [pfSense] add Blocking in suricata just for some IPs
>
> Hi to everyone,
>
> is it possible to add blocking mode just to some IPs from a /24 network?
> I want to run that in test mode to see how many false positives I will see ;)
>
> Cheers
>
> Daniel
Re: [pfSense] add Blocking in suricata just for some IPs
Just alerting is enabled, but I'm not sure if it works like I wish ;)

I built myself a dashboard in Kibana:

https://www.dropbox.com/s/ty6rfrd6y5z3gqd/Screenshot%202016-06-20%2020.37.26.png?dl=0

But I don't see what is getting blocked ;) It's just for information ;)

> On 20.06.2016 at 20:31, Steve Yates wrote:
>
> You should be able to go the other direction and set up a pass list
> that allows everything but these IPs. Remember to add the pass list to the
> interface though.
>
> However, if you just enable the alerting and select to not automatically
> block the bad traffic, that may be easier.
>
> --
> Steve Yates
> ITS, Inc.
>
> -----Original Message-----
> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Daniel Eschner
> Sent: Monday, June 20, 2016 1:28 PM
> To: pfSense Support and Discussion Mailing List
> Subject: [pfSense] add Blocking in suricata just for some IPs
>
> Hi to everyone,
>
> is it possible to add blocking mode just to some IPs from a /24 network?
> I want to run that in test mode to see how many false positives I will see ;)
>
> Cheers
>
> Daniel
Re: [pfSense] add Blocking in suricata just for some IPs
You should be able to go the other direction and set up a pass list that allows everything but these IPs. Remember to add the pass list to the interface though.

However, if you just enable the alerting and select to not automatically block the bad traffic, that may be easier.

--
Steve Yates
ITS, Inc.

-----Original Message-----
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Daniel Eschner
Sent: Monday, June 20, 2016 1:28 PM
To: pfSense Support and Discussion Mailing List
Subject: [pfSense] add Blocking in suricata just for some IPs

Hi to everyone,

is it possible to add blocking mode just to some IPs from a /24 network?
I want to run that in test mode to see how many false positives I will see ;)

Cheers

Daniel
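
The "pass list that allows everything but these IPs" idea from the message above, worked through as an added example that is not part of the original thread: it computes the CIDR blocks that cover a /24 except for the hosts chosen for the blocking trial. It assumes the pass list is populated from a list of networks (for instance through a firewall alias); the function name and the 192.0.2.0/24 sample addresses are constructed for illustration.

```python
import ipaddress


def pass_list_entries(network, trial_hosts):
    """Return the CIDR blocks covering `network` minus `trial_hosts`.

    Everything returned would go on the pass list (never blocked);
    the trial hosts are left out so blocking can still apply to them.
    """
    net = ipaddress.ip_network(network)
    hosts = sorted({ipaddress.ip_address(h) for h in trial_hosts})
    for host in hosts:
        if host not in net:
            raise ValueError(f"{host} is not inside {net}")

    remaining = [net]
    for host in hosts:
        host_net = ipaddress.ip_network(str(host))  # single-address network
        next_round = []
        for block in remaining:
            if block == host_net:
                continue  # this block is exactly the trial host: drop it
            if host_net.subnet_of(block):
                # Split the block into the pieces that do not contain the host.
                next_round.extend(block.address_exclude(host_net))
            else:
                next_round.append(block)
        remaining = next_round
    return sorted(remaining)


if __name__ == "__main__":
    # Constructed sample: trial blocking for two hosts of a documentation /24.
    for entry in pass_list_entries("192.0.2.0/24", ["192.0.2.10", "192.0.2.200"]):
        print(entry)
```

Carving a single host out of a /24 already takes eight pass-list entries, so the list grows quickly as more trial hosts are added.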
Re: [pfSense] add Blocking in suricata just for some IPs
On Mon, Jun 20, 2016 at 1:27 PM, Daniel Eschner wrote:
> Hi to everyone,
>
> is it possible to add blocking mode just to some IPs from a /24 network?
> I want to run that in test mode to see how many false positives I will see ;)
>
> Cheers
>
> Daniel
>
> What?
[pfSense] add Blocking in suricata just for some IPs
Hi to everyone,

is it possible to add blocking mode just to some IPs from a /24 network?
I want to run that in test mode to see how many false positives I will see ;)

Cheers

Daniel