[FIRMWARE] Itus Networks Shield Firmware Upgrade *WIP*

Next Topic
 
classic Classic list List threaded Threaded
168 messages Options
1 ... 6789
Reply | Threaded
Open this post in threaded view
|

Re: [FIRMWARE] Itus Networks Shield Firmware Upgrade *WIP*

Grommish
Administrator
I'm not sure what Itus had in mind, since I don't see a need for even the Bridge mode.  I can't see picking the transparent bridge over the router configuration but my use cases are pretty straight forward.

I've gotten success in starting to setup the individual modes.  Right now, I want to set it up so that everything is self-contained in a single image and sets itself up based on the slot it is put into.  It beats having to try and keep up across three repos.  Once I get it shaken out, I'll put up a router image for those who want to test.  I'll also be sending out an email to the forums registered users asking for test subjects :D.
Running Itus Shield v2 Firmware
Reply | Threaded
Open this post in threaded view
|

Re: [FIRMWARE] Itus Networks Shield Firmware Upgrade *WIP*

Turrican
Sign me up please :)
Looking forward to running v2
Reply | Threaded
Open this post in threaded view
|

Re: [FIRMWARE] Itus Networks Shield Firmware Upgrade *WIP*

Grommish
Administrator
Turrican, I sent you an invite through Google Hangouts.
Running Itus Shield v2 Firmware
Reply | Threaded
Open this post in threaded view
|

Re: [FIRMWARE] Itus Networks Shield Firmware Upgrade *WIP*

Grommish
Administrator
Gnomad,

I finally got Snort 3 to compile and install, but the current /etc/snort/rules/snort.rules error badly.  Any idea if there are changes between the 2.x and 3 rule defines?
Running Itus Shield v2 Firmware
Reply | Threaded
Open this post in threaded view
|

Re: [FIRMWARE] Itus Networks Shield Firmware Upgrade *WIP*

Gnomad
Yeah, looks like the syntax has changed.

There's separate v2 and v3 downloads available here https://www.snort.org/downloads/#rule-downloads for "community-rules".
But if we want to include the additional emerging threats I can only find reference to v2.9 https://rules.emergingthreats.net/open/ (snort-edge is also 2.9 based)

We can keep an eye out for changes, but I'd say v2.9 is working well enough for now.

Sorry for my radio silence too - super-busy period with work..



On Fri, 1 Nov 2019 at 14:14, Grommish [via Itus Networks Owners Forum] <[hidden email]> wrote:
Gnomad,

I finally got Snort 3 to compile and install, but the current /etc/snort/rules/snort.rules error badly.  Any idea if there are changes between the 2.x and 3 rule defines?
Running Itus Shield v2 Firmware



If you reply to this email, your message will be added to the discussion below:
http://itus.accessinnov.com/FIRMWARE-Itus-Networks-Shield-Firmware-Upgrade-WIP-tp1726p1915.html
To unsubscribe from [FIRMWARE] Itus Networks Shield Firmware Upgrade *WIP*, click here.
NAML
OpenWrt SNAPSHOT, r10391-3d8d528939
Reply | Threaded
Open this post in threaded view
|

Re: [FIRMWARE] Itus Networks Shield Firmware Upgrade *WIP*

Grommish
Administrator
Well, see, thing is... Snort 2 kinda stopped working. They changed something that'll require me building snort without appid. One of the appid modules calls library calls that aren't available under musl (the toolchain), just x86.  So on one hand, 2.9.x can be made to work (probably) but without appid.

Or, go to 3 beta and get started early on the stuff. It has appid working.  If we can decide this, I can put the call for testing out and we can see if anyone answers. Maybe someone good at snort configs will show up. 3 should also offer a greater ability to set rules. Dunno.  Comments?

On Fri, Nov 1, 2019, 3:44 AM Gnomad [via Itus Networks Owners Forum] <[hidden email]> wrote:
Yeah, looks like the syntax has changed.

There's separate v2 and v3 downloads available here https://www.snort.org/downloads/#rule-downloads for "community-rules".
But if we want to include the additional emerging threats I can only find reference to v2.9 https://rules.emergingthreats.net/open/ (snort-edge is also 2.9 based)

We can keep an eye out for changes, but I'd say v2.9 is working well enough for now.

Sorry for my radio silence too - super-busy period with work..



On Fri, 1 Nov 2019 at 14:14, Grommish [via Itus Networks Owners Forum] <[hidden email]> wrote:
Gnomad,

I finally got Snort 3 to compile and install, but the current /etc/snort/rules/snort.rules error badly.  Any idea if there are changes between the 2.x and 3 rule defines?
Running Itus Shield v2 Firmware



If you reply to this email, your message will be added to the discussion below:
http://itus.accessinnov.com/FIRMWARE-Itus-Networks-Shield-Firmware-Upgrade-WIP-tp1726p1915.html
To unsubscribe from [FIRMWARE] Itus Networks Shield Firmware Upgrade *WIP*, click here.
NAML
OpenWrt SNAPSHOT, r10391-3d8d528939



If you reply to this email, your message will be added to the discussion below:
http://itus.accessinnov.com/FIRMWARE-Itus-Networks-Shield-Firmware-Upgrade-WIP-tp1726p1916.html
To unsubscribe from [FIRMWARE] Itus Networks Shield Firmware Upgrade *WIP*, click here.
NAML
Running Itus Shield v2 Firmware
Reply | Threaded
Open this post in threaded view
|

Re: [FIRMWARE] Itus Networks Shield Firmware Upgrade *WIP*

Gnomad
What's appid?  Benefits?

If we went to snort 3, I expect we'd be resigning ourselves to base community-rules for a while - I haven't seen any roadmap for emerging-threats to move to it anytime soon, and even if you can find snort-fluent Shield users I can't imagine any would have the bandwidth to maintain a 3.x equivalent set..

On Fri, 1 Nov 2019 at 15:55, Grommish [via Itus Networks Owners Forum] <[hidden email]> wrote:
Well, see, thing is... Snort 2 kinda stopped working. They changed something that'll require me building snort without appid. One of the appid modules calls library calls that aren't available under musl (the toolchain), just x86.  So on one hand, 2.9.x can be made to work (probably) but without appid.

Or, go to 3 beta and get started early on the stuff. It has appid working.  If we can decide this, I can put the call for testing out and we can see if anyone answers. Maybe someone good at snort configs will show up. 3 should also offer a greater ability to set rules. Dunno.  Comments?

On Fri, Nov 1, 2019, 3:44 AM Gnomad [via Itus Networks Owners Forum] <[hidden email]> wrote:
Yeah, looks like the syntax has changed.

There's separate v2 and v3 downloads available here https://www.snort.org/downloads/#rule-downloads for "community-rules".
But if we want to include the additional emerging threats I can only find reference to v2.9 https://rules.emergingthreats.net/open/ (snort-edge is also 2.9 based)

We can keep an eye out for changes, but I'd say v2.9 is working well enough for now.

Sorry for my radio silence too - super-busy period with work..



On Fri, 1 Nov 2019 at 14:14, Grommish [via Itus Networks Owners Forum] <[hidden email]> wrote:
Gnomad,

I finally got Snort 3 to compile and install, but the current /etc/snort/rules/snort.rules error badly.  Any idea if there are changes between the 2.x and 3 rule defines?
Running Itus Shield v2 Firmware



If you reply to this email, your message will be added to the discussion below:
http://itus.accessinnov.com/FIRMWARE-Itus-Networks-Shield-Firmware-Upgrade-WIP-tp1726p1915.html
To unsubscribe from [FIRMWARE] Itus Networks Shield Firmware Upgrade *WIP*, click here.
NAML
OpenWrt SNAPSHOT, r10391-3d8d528939



If you reply to this email, your message will be added to the discussion below:
http://itus.accessinnov.com/FIRMWARE-Itus-Networks-Shield-Firmware-Upgrade-WIP-tp1726p1916.html
To unsubscribe from [FIRMWARE] Itus Networks Shield Firmware Upgrade *WIP*, click here.
NAML
Running Itus Shield v2 Firmware



If you reply to this email, your message will be added to the discussion below:
http://itus.accessinnov.com/FIRMWARE-Itus-Networks-Shield-Firmware-Upgrade-WIP-tp1726p1917.html
To unsubscribe from [FIRMWARE] Itus Networks Shield Firmware Upgrade *WIP*, click here.
NAML
OpenWrt SNAPSHOT, r10391-3d8d528939
Reply | Threaded
Open this post in threaded view
|

Re: [FIRMWARE] Itus Networks Shield Firmware Upgrade *WIP*

Grommish
Administrator
Just a quick update - I'm still alive! Yay!

Actually, I spent some time in hospital for what seems no reason.  I'm hoping to pick this back up shortly.

AppID identifies the filetype (using Magic File) of inbound files, regardless of their extension.  So you could block file types with mismatched extensions.  Also should allow a whitelisting of specific file types so the Shield won't scan them.

I'm going to have to dive back into the repos and see what's new, as well.
Running Itus Shield v2 Firmware
1 ... 6789