I think I'm doing this wrong. I was trying to access the ruleset links from this page: https://suricata.readthedocs.io/en/latest/rules/intro.html
But I think I'm actually supposed to get the rulesets from somewhere else: https://suricata.readthedocs.io/en/latest/oinkmaster.html

I can access Suricata, I'm just trying to figure out how all this works before I actually start to mess around with it on a server.

On Thu, Oct 6, 2016 at 10:09 AM, <[email protected]> wrote:

> You can't access suricata directly?
>
> ---------- Original message ----------
> From: Tristan <[email protected]>
> To: [email protected]
> Date: 6. 10. 2016 17:02:19
> Subject: Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata or no IPS at all
>
> I may have just found a bigger problem: I can't access the Suricata rulesets from my exit node. The website replies with "Error code 15, This request was blocked by the security rules." When I try to wget the ruleset from my exit node, I get error 403 forbidden.
>
> Even if Suricata ships with some basic rulesets, it looks like I wouldn't be able to update them, because they block Tor exit nodes. Any ideas how to get around that?
>
> On Thu, Oct 6, 2016 at 9:57 AM, <[email protected]> wrote:
>
> Our implementation of suricata is a little different. We've got one as IPS (just a few rules) and second as IDS (all rules (block of rules) are switched on). In the log of IDS we determine which chains should be filtered and then we filter them one by one on IPS. The main thing is not to cut off any of the customers (in our case).
>
> ---------- Original message ----------
> From: Tristan <[email protected]>
> To: [email protected]
> Date: 6. 10. 2016 16:50:33
> Subject: Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata or no IPS at all
>
> Suricata allows direct access via the Tor network, Snort's website gave me multiple failed Captchas before I could access anything. I'm going to do some further research before I even think about implementing anything.
>
> How does one detect false positives when running an IPS? Do you just frequently check the alerts and change the rules when necessary?
>
> On Thu, Oct 6, 2016 at 9:45 AM, Ralph Seichter <[email protected]> wrote:
>
> On 06.10.16 16:24, [email protected] wrote:
>
> > The subject of this thread is: Intrusion Prevention System Software - Snort or Suricata
>
> Fixed that for you. ;-)
>
> > If the only thing you wanted to say was, that you're against that, we're probably done ;)
>
> Stating that I oppose the idea of IPS as means of automatic censorship of Tor exit nodes is part of the discussion.
>
> -Ralph
> _______________________________________________
> tor-relays mailing list
> [email protected]
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
> --
> Finding information, passing it along. ~SuperSluether

--
Finding information, passing it along. ~SuperSluether
_______________________________________________ tor-relays mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
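The IDS-first workflow from the quoted reply (read the IDS log, then enable blocking one rule at a time) and the question about spotting false positives both start from a per-signature summary of alerts. The following is an added example, not part of the original thread: it assumes Suricata's EVE JSON alert format (`event_type`, `src_ip`, `alert.signature_id`, `alert.signature`), and the sample lines, the signature ids, the `max_sources` threshold and both function names are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed EVE JSON lines (documentation IP ranges, made-up signature ids).
SAMPLE_EVE = [
    '{"event_type":"alert","src_ip":"192.0.2.10","alert":{"signature_id":9000001,"signature":"EXAMPLE scan"}}',
    '{"event_type":"alert","src_ip":"192.0.2.10","alert":{"signature_id":9000001,"signature":"EXAMPLE scan"}}',
    '{"event_type":"alert","src_ip":"192.0.2.10","alert":{"signature_id":9000001,"signature":"EXAMPLE scan"}}',
    '{"event_type":"alert","src_ip":"198.51.100.1","alert":{"signature_id":9000002,"signature":"EXAMPLE policy"}}',
    '{"event_type":"alert","src_ip":"198.51.100.2","alert":{"signature_id":9000002,"signature":"EXAMPLE policy"}}',
    '{"event_type":"alert","src_ip":"198.51.100.3","alert":{"signature_id":9000002,"signature":"EXAMPLE policy"}}',
    '{"event_type":"flow","src_ip":"192.0.2.10"}',
    '{"event_type":"alert","src_ip":"192.0.2.10","alert":{"signa',  # truncated write
]

def summarize_alerts(lines):
    """Per signature id: alert count and the set of distinct source IPs."""
    stats = defaultdict(lambda: {"signature": "", "hits": 0, "sources": set()})
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip partial lines, e.g. read while the log is being written
        if not isinstance(event, dict) or event.get("event_type") != "alert":
            continue  # flow, dns, stats and other event types are not alerts
        alert = event.get("alert") or {}
        if "signature_id" not in alert:
            continue
        entry = stats[alert["signature_id"]]
        entry["signature"] = alert.get("signature", "")
        entry["hits"] += 1
        entry["sources"].add(event.get("src_ip"))
    return dict(stats)

def review_queue(stats, max_sources=2):
    """Assumed heuristic: a rule that fires for many distinct sources would cut
    off many users if switched to drop, so it gets a false-positive review first."""
    queue = []
    for sid, s in sorted(stats.items(), key=lambda kv: (-kv[1]["hits"], kv[0])):
        verdict = "review-first" if len(s["sources"]) > max_sources else "candidate"
        queue.append((sid, s["signature"], s["hits"], len(s["sources"]), verdict))
    return queue

if __name__ == "__main__":
    for row in review_queue(summarize_alerts(SAMPLE_EVE)):
        print(row)
```

Both verdicts are only an ordering for manual review; whether a signature is ever moved to the blocking instance remains the operator's decision.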
