
Topic: ISC DShield & pfSense


senseii (Newbie, Posts: 11, Karma: +2/-0)
ISC DShield & pfSense
« on: January 23, 2018, 03:28:43 pm »
I am reading "Cyberattack, Cybercrime, Cyberware" by Mark Osborne. There is a section that talks about ISC and ISPs using home routers as a distributed IDS collecting and feeding information back to a C2. I was wondering if anyone knows if pfSense has some sort of participation in something like this.

Here is the excerpt.

Storm Center

The Internet Storm Center (ISC) is run by the SANS Institute and was formed in 2001 following SANS’s work on the “Lion Worm.” Today, the ISC provides a free analysis and warning service to thousands of Internet users and organizations, and it is actively working with Internet Service Providers to fight back against the most malicious attackers. The ISC relies on an all-volunteer effort to detect problems and disseminate information to the general public.

DShield builds on thousands of firewalls and home broadband devices to constantly collect information about unwanted traffic arriving from the Internet and hitting a deny rule. The logs generated from these devices are sucked into DSHIELD.

DShield turns these fairly dumb devices into a large network of distributed sensors (distributed IDS). Additionally, ISC provides analysts to process these feeds into conclusions that can be sent back to the community.

johnpoz (Hero Member, Posts: 15153, Karma: +1413/-206; "Not a pfSense employee, they cannot fire me...")
Re: ISC DShield & pfSense
« Reply #1 on: January 23, 2018, 03:36:23 pm »
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.4.2-RELEASE-p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)

senseii (Newbie, Posts: 11, Karma: +2/-0)
Re: ISC DShield & pfSense
« Reply #2 on: January 25, 2018, 11:11:23 am »
I got it all set up and thought I would share for people down the line.
Download dshield.php and dshield.sample from: https://github.com/jullrich/dshieldpfsense
Create an account at: https://www.dshield.org/
Edit dshield.sample with your dshield.org information. Rename it to dshield.ini.
Transfer the php and ini files to a directory on your pfSense; connect with PuTTY.
Make sure you enable SSH in the GUI.
transfer: pscp dshield.php dshield.ini admin@192.168.1.1:/root/bin/
chmod +x /root/bin/dshield.php (the script must be executable; the .ini file does not need it)
In the pfSense GUI set up email notifications.
crontab -e and add the line: 11,41 * * * * /root/bin/dshield.php
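The script scheduled above reads the pfSense firewall log and reports inbound traffic that hit a deny rule, which is exactly the "distributed sensor" data the book excerpt describes. The following is an added example, not code from this thread or from the dshieldpfsense project: it parses pfSense raw filterlog syslog lines, keeps only inbound block records, and aggregates them by source, destination port and protocol, the kind of per-window summary DShield's emails are built from. Assumptions: the CSV field offsets follow the pfSense 2.4 raw filter log format (IPv4 and IPv6 layouts as documented), the log lines are constructed with documentation addresses, and DShield's actual upload format is not reproduced.

```python
"""
Aggregate pfSense filterlog block hits the way a DShield-style sensor would.

Added example; not the dshieldpfsense project's code. Field offsets assume the
pfSense 2.4 raw filterlog CSV layout. DShield's upload format is not shown.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample syslog lines (RFC 5737 / RFC 3849 documentation addresses).
# Mix of inbound blocks (v4 tcp/udp/icmp, v6 tcp), one outbound pass, one non-filterlog line.
SAMPLE_LOG = """\
Jan 25 11:11:23 pfSense filterlog: 5,,,1000000103,igb0,match,block,in,4,0x0,,64,12345,0,DF,6,tcp,60,203.0.113.5,198.51.100.2,54321,23,0,S,1234567890,,65535,,mss
Jan 25 11:11:24 pfSense filterlog: 5,,,1000000103,igb0,match,block,in,4,0x0,,64,12346,0,DF,6,tcp,60,203.0.113.5,198.51.100.2,54322,2323,0,S,1234567891,,65535,,mss
Jan 25 11:11:30 pfSense filterlog: 5,,,1000000103,igb0,match,block,in,4,0x0,,128,0,0,none,17,udp,328,203.0.113.77,198.51.100.2,50000,1900,308
Jan 25 11:11:35 pfSense filterlog: 9,,,1000000110,igb1,match,pass,out,4,0x0,,64,555,0,DF,6,tcp,60,192.168.1.50,198.51.100.9,44000,443,0,S,99,,65535,,mss
Jan 25 11:11:40 pfSense filterlog: 5,,,1000000103,igb0,match,block,in,4,0x0,,64,12347,0,DF,6,tcp,60,203.0.113.5,198.51.100.2,54323,22,0,S,1234567892,,65535,,mss
Jan 25 11:11:41 pfSense filterlog: 12,,,1000000120,igb0,match,block,in,6,0x00,0,64,6,tcp,40,2001:db8::9,2001:db8::2,40000,445,0,S,1,,65535,,mss
Jan 25 11:11:45 pfSense filterlog: 5,,,1000000103,igb0,match,block,in,4,0x0,,64,1,0,none,1,icmp,84,203.0.113.9,198.51.100.2,request,1234,5678
Jan 25 11:11:50 pfSense sshd[123]: Accepted publickey for admin from 192.168.1.2 port 50123
"""

FILTERLOG = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+filterlog(?:\[\d+\])?:\s+(?P<csv>.*)$"
)


@dataclass(frozen=True)
class BlockedHit:
    timestamp: str
    iface: str
    proto: str
    src: str
    sport: Optional[int]
    dst: str
    dport: Optional[int]


def parse_filterlog_line(line: str) -> Optional[BlockedHit]:
    """Return a BlockedHit for an inbound 'block' filterlog record, else None."""
    m = FILTERLOG.match(line.strip())
    if not m:
        return None  # not a filterlog line (sshd, dhcpd, ...)
    f = m.group("csv").split(",")
    if len(f) < 9:
        return None
    action, direction, ipver = f[6], f[7], f[8]
    # Only unwanted traffic from the Internet that hit a deny rule is of interest;
    # passed and outbound records are dropped here.
    if action != "block" or direction != "in":
        return None
    # Index of the protocol-id field: IPv4 has six header fields after ip-version
    # (tos, ecn, ttl, id, offset, flags); IPv6 has three (class, flow label, hop limit).
    base = {"4": 15, "6": 12}.get(ipver)
    if base is None or len(f) < base + 5:
        return None
    proto, src, dst = f[base + 1], f[base + 3], f[base + 4]
    sport = dport = None
    if proto in ("tcp", "udp") and len(f) > base + 6:
        try:
            sport, dport = int(f[base + 5]), int(f[base + 6])
        except ValueError:
            pass  # keep the hit, just without port information
    return BlockedHit(m.group("ts"), f[4], proto, src, sport, dst, dport)


def summarize(log_text: str) -> Dict[str, object]:
    """Count inbound block hits by source, destination port and protocol."""
    hits: List[BlockedHit] = [
        h for h in (parse_filterlog_line(ln) for ln in log_text.splitlines()) if h
    ]
    return {
        "total": len(hits),
        "by_source": Counter(h.src for h in hits),
        "by_dport": Counter(h.dport for h in hits if h.dport is not None),
        "by_proto": Counter(h.proto for h in hits),
    }


def noisy_sources(summary: Dict[str, object], min_hits: int = 3) -> List[str]:
    """Sources that hit deny rules at least min_hits times in this log window."""
    return sorted(ip for ip, n in summary["by_source"].items() if n >= min_hits)


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print(f"{s['total']} inbound block hits")
    for ip, n in s["by_source"].most_common():
        print(f"  {ip:>16}  {n}")
    print("noisy sources:", noisy_sources(s))
```

Run it against `clog /var/log/filter.log` output on a pfSense box to get the same view the 30-minute cron job feeds to DShield; the summary is what lets you sanity-check what is being reported before enabling the upload.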

johnpoz (Hero Member, Posts: 15153, Karma: +1413/-206; "Not a pfSense employee, they cannot fire me...")
Re: ISC DShield & pfSense
« Reply #3 on: January 25, 2018, 12:08:35 pm »
Thanks! I used to run this, but had yet to get it moved over to the SG-4860 once I switched to that from my VM setup.

The summary emails from dshield were nice to get. I will have to set this back up soon.
