Summary: | Snort VRT rules don't work | ||
---|---|---|---|
Product: | IPFire | Reporter: | Lucifer Cipher <lucifercipher> |
Component: | oinkmaster | Assignee: | Assigned to nobody - feel free to grab it and work on it <nobody> |
Status: | CLOSED DUPLICATE | QA Contact: | |
Severity: | - Unknown - | ||
Priority: | - Unknown - | CC: | michael.tremer, peter.mueller, stefan.schantl |
Version: | 2 | Flags: | michael.tremer: needinfo+ |
Hardware: | unspecified | ||
OS: | Unspecified | ||
Attachments: | screenshot |
Description
Lucifer Cipher
2014-09-08 09:57:56 UTC
Please provide an error message about what went wrong there.

Created attachment 219
screenshot

Further bug: Snort when enabled does not intercept traffic on Orange interface at all.

Comment 3 is a duplicate of #10273.

Does the main issue still exist in the latest available version of IPFire 2 - Core 88 or the testing release Core 89?

Best regards,

-Stefan

Yes Stefan. Tested and the problem is still there. VRT rules are successfully loaded but my testing shows that IDS can't even detect portscans and advanced XSS and SQL injection attacks.

(In reply to Lucifer Cipher from comment #5)
> Yes Stefan. Tested and the problem is still there. VRT rules are
> successfully loaded but my testing shows that IDS can't even detect
> portscans and advanced XSS and SQL injection attacks.

Core89 tested. Problem not resolved.

(In reply to Stefan Schantl from comment #4)
> Comment 3 is a duplicate of #10273.
>
> Does the main issue still exist in the latest available version of IPFire 2
> - Core 88 or the testing release Core 89?
>
> Best regards,
>
> -Stefan

Tested again. Problem still exists. Please tell me what I should try at my end and I will try to help you guys out too for problem eradication. Best regards.

I can confirm that snort does not detect internal attacks from i.e. GREEN to i.e. ORANGE. If an attack is running against the firewall itself, the detection works. However, that is a duplicate of #10273.

Currently working to find these snort bugs and fix them (see https://wiki.ipfire.org/devel/telco/2017-11-06).

*** This bug has been marked as a duplicate of bug 10273 ***