Netgate SG-1000 microFirewall

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - Hugovsky

Pages: [1] 2 3 4 5 ... 19
1
2.4.3.a.20180303.2038 with clean install with same problem.

Edit: Not exactly the same error. This appears at gui:

Parse error: syntax error, unexpected 'conf_path' (T_STRING) in /usr/local/www/wizard.php(194) : eval()'d code on line 1

2
2.4 Development Snapshots / Re: Gateway monitor help
« on: February 03, 2018, 04:07:44 am »
Check system -> Routing -> Gateways -> edit.

3
pfBlockerNG / Re: pfBlockerNG v2.1 w/TLD
« on: January 29, 2018, 04:17:34 am »
I'm having problems with iOS 11.3 BETA. It seems that safari can't go to 0.0.0.0 and pages can't load. Solution was to reinstall package and use the VIP address, as I was using the certificate hack and 0.0.0.0.

4
pfBlockerNG / Re: pfBlockerNG v2.0 w/DNSBL
« on: January 29, 2018, 03:56:53 am »
I'm having problems with iOS 11.3 BETA. It seems that safari can't go to 0.0.0.0 and pages can't load. Solution was to reinstall package and use the VIP address, as I was using the certificate hack and 0.0.0.0.

EDIT: Sorry, wrong version. I'm on 2.1.

5
2.4 Development Snapshots / Re: [SOLVED]NTP not working
« on: January 22, 2018, 08:50:28 am »
Yes, you're right. I'm not blaming suricata. It's my fault. And intended. I will correct that rule to include ntp. Do you think I should delete the thread so people don't be confused?

6
2.4 Development Snapshots / Re: [SOLVED]NTP not working
« on: January 22, 2018, 08:13:49 am »
Hi bmeeks. I don't use any rule from emerging threats. From a few updates back, I had to enable ntp on wan so it talk to ntp servers. Since then, my ntp peers started to get blocked. I have ntp enabled on all interfaces except one.

I'm only using this rules in custom rules:

Code: [Select]
drop tcp $EXTERNAL_NET [0:1023] -> $HOME_NET [0:1023] (msg:"Golden Rule BAD TCP"; classtype:attempted-recon; sid:9900001; rev:1;)
drop udp $EXTERNAL_NET [0:1023] -> $HOME_NET [0:1023,![53,67,68,500,4500]] (msg:"Golden Rule BAD UDP"; classtype:attempted-recon; sid:9900002; rev:1;)
drop udp $EXTERNAL_NET any -> $HOME_NET [0:1023,![53,500]] (msg:"Golden Rule NO SERVER UDP"; classtype:network-scan; sid:9900003; rev:1;)
drop tcp $EXTERNAL_NET any -> $HOME_NET [0:1023,![21,53,80,443,8080]] (msg:"Golden Rule NO SERVER TCP"; classtype:network-scan; sid:9900004; rev:2;)

# Authors: Jayden Zheng (@fuseyjz) and Wei-Chea Ang (@77_6A)
# Company: Countercept
# Website: https://countercept.com
# Twitter: @countercept

alert tcp any any -> $HOME_NET 445 (msg:"DOUBLEPULSAR SMB implant - Unimplemented Trans2 Session Setup Subcommand Request"; flow:to_server, established; content:"|FF|SMB|32|"; depth:5; offset:4; content:"|0E 00|"; distance:56; within:2; reference:url,https://twitter.com/countercept/status/853282053323935749; sid:1618009; classtype:attempted-user; rev:1;)
alert tcp $HOME_NET 445 -> any any (msg:"DOUBLEPULSAR SMB implant - Unimplemented Trans2 Session Setup Subcommand - 81 Response"; flow:to_client, established; content:"|FF|SMB|32|"; depth:5; offset:4; content:"|51 00|"; distance:25; within:2; reference:url,https://twitter.com/countercept/status/853282053323935749; sid:1618008; classtype:attempted-user; rev:1;)
alert tcp $HOME_NET 445 -> any any (msg:"DOUBLEPULSAR SMB implant - Unimplemented Trans2 Session Setup Subcommand - 82 Response"; flow:to_client, established; content:"|FF|SMB|32|"; depth:5; offset:4; content:"|52 00|"; distance:25; within:2; reference:url,https://twitter.com/countercept/status/853282053323935749; sid:1618010; classtype:attempted-user; rev:1;)


#forum
drop tcp $EXTERNAL_NET [1024:65535] -> $HOME_NET [3389] (msg:"Admin Rule NO SERVER RDP TCP"; classtype:network-scan; sid:990050; rev:1;)
drop tcp $EXTERNAL_NET [1024:65535] -> $HOME_NET [5500] (msg:"Admin Rule NO SERVER VNC TCP"; classtype:network-scan; sid:990052; rev:1;)
drop tcp $EXTERNAL_NET [1024:65535] -> $HOME_NET [5800] (msg:"Admin Rule NO SERVER VNC TCP"; classtype:network-scan; sid:990053; rev:1;)
drop tcp $EXTERNAL_NET [1024:65535] -> $HOME_NET [5900] (msg:"Admin Rule NO SERVER VNC TCP"; classtype:network-scan; sid:990054; rev:1;)
drop tcp $EXTERNAL_NET [1024:65535] -> $HOME_NET [4899] (msg:"Admin Rule NO SERVER RADMIN TCP"; classtype:network-scan; sid:990055; rev:1;)
drop tcp $EXTERNAL_NET [1024:65535] -> $HOME_NET [1433] (msg:"Admin Rule NO SERVER MSSQL TCP"; classtype:network-scan; sid:990057; rev:1;)
drop tcp $EXTERNAL_NET [1024:65535] -> $HOME_NET [5060] (msg:"Admin Rule NO SERVER SIP TCP"; classtype:network-scan; sid:990059; rev:1;)
drop udp $EXTERNAL_NET [1024:65535] -> $HOME_NET [5060] (msg:"Admin Rule NO SERVER SIP UDP"; classtype:attempted-recon; sid:9900060; rev:1;)
drop tcp $EXTERNAL_NET [1024:65535] -> $HOME_NET [8172] (msg:"Admin Rule NO SERVER IIS TCP"; classtype:network-scan; sid:990061; rev:1;)
drop tcp $EXTERNAL_NET [1024:65535] -> $HOME_NET [31337] (msg:"Admin Rule NO SERVER Back Orifice TCP"; classtype:network-scan; sid:990063; rev:1;)
drop tcp $EXTERNAL_NET [1024:65535] -> $HOME_NET [47001] (msg:"Admin Rule NO SERVER WinRM TCP"; classtype:network-scan; sid:990064; rev:1;)

EDIT: Only using WAN interface with suricata. And I do have some internal servers.

7
2.4 Development Snapshots / [SOLVED] NTP not working
« on: January 19, 2018, 06:46:06 pm »
Found it! Suricata was blocking it. Sorry to waste your time. All is good now.


8
2.4 Development Snapshots / Re: NTP not working
« on: January 19, 2018, 06:18:34 pm »
Details:

SM A1SRi 2558 with 16GB

2.4.3-DEVELOPMENT (amd64)
built on Wed Jan 17 16:06:08 CST 2018
FreeBSD 11.1-RELEASE-p6

freeradius3 0.15.3
haproxy 0.54_2       
pfBlockerNG 2.1.2_2   
suricata 4.0.3_1


9
2.4 Development Snapshots / [SOLVED]NTP not working
« on: January 19, 2018, 06:09:28 pm »
I think I have a problem with NTP service. Seems not to be working maybe arround 27th December onward. I tried everything I can remember and can't make it work. I've attached a pic of ntp status page. No special config except I've selected only 3 interfaces. But it was already running that way a long time ago. No errors in log. Any ideas?

Code: [Select]
Jan 20 00:07:53 ntpd 58466 Listening on routing socket on fd #34 for interface updates
Jan 20 00:07:53 ntpd 58466 Listen normally on 13 igb2.600 192.168.54.1:123
Jan 20 00:07:53 ntpd 58466 Listen normally on 12 igb2.600 [fe80::ec4:7aff:fe6a:bc5a%15]:123
Jan 20 00:07:53 ntpd 58466 Listen normally on 11 igb1.500 192.168.53.1:123
Jan 20 00:07:53 ntpd 58466 Listen normally on 10 igb1.500 [fe80::ec4:7aff:fe6a:bc59%13]:123
Jan 20 00:07:53 ntpd 58466 Listen normally on 9 igb1.400 192.168.52.1:123
Jan 20 00:07:53 ntpd 58466 Listen normally on 8 igb1.400 [fe80::ec4:7aff:fe6a:bc59%12]:123
Jan 20 00:07:53 ntpd 58466 Listen normally on 7 igb1.3 10.10.10.2:123
Jan 20 00:07:53 ntpd 58466 Listen normally on 6 igb1.3 10.10.10.1:123
Jan 20 00:07:53 ntpd 58466 Listen normally on 5 igb1.3 192.168.50.1:123
Jan 20 00:07:53 ntpd 58466 Listen normally on 4 igb1.3 [fe80::ec4:7aff:fe6a:bc59%11]:123
Jan 20 00:07:53 ntpd 58466 Listen normally on 3 igb1.120 10.1.2.1:123
Jan 20 00:07:53 ntpd 58466 Listen normally on 2 igb1.120 [fe80::ec4:7aff:fe6a:bc59%9]:123
Jan 20 00:07:53 ntpd 58466 Listen normally on 1 lo0 127.0.0.1:123
Jan 20 00:07:53 ntpd 58466 Listen normally on 0 lo0 [::1]:123
Jan 20 00:07:53 ntpd 58466 proto: precision = 0.190 usec (-22)
Jan 20 00:07:53 ntpd 58181 Command line: /usr/local/sbin/ntpd -g -c /var/etc/ntpd.conf -p /var/run/ntpd.pid
Jan 20 00:07:53 ntpd 58181 ntpd 4.2.8p10@1.3728-o Mon Apr 3 21:03:28 UTC 2017 (1): Starting

10
General Questions / Re: Intel CPUs Massive Security Flaw issue
« on: January 03, 2018, 05:03:27 pm »

12
General Questions / Re: Intel CPUs Massive Security Flaw issue
« on: January 03, 2018, 02:36:29 pm »
If I have to trade speed for security, I choose security every time. With Intel, it used to be a win-win but, with recent news... I just don't believe it so blindly anymore. Of course AMD is not the cure to all your problems but it sure starts to seem a little better.

13
General Questions / Re: Intel CPUs Massive Security Flaw issue
« on: January 03, 2018, 11:15:07 am »
Intel is just becoming more and more disappointing. I think it's time to start looking to AMD or others...

14
Cache/Proxy / Re: HAproxy - configuration help - Beginner
« on: December 23, 2017, 06:03:07 pm »
Lastly, in my Action rule if the request does not match any of the ACL action rules I have setup the requester is redirected to a dead node.  I learned this from a friend that used it to address IP block port scanning and brute-force attacks that found his WAN.  The only other thing I think you could do is setup HTTP monitoring on your backend resources in order stop forwarding in the event that it goes down. 

Very nice. Can you tell how to achieve this? TIA.

One more thing. Why use a Virtual IP?

15
2.4 Development Snapshots / Re: Restore file question
« on: December 15, 2017, 06:02:06 am »
Yes, you can.

Pages: [1] 2 3 4 5 ... 19