Re: What speeds are you getting while IDS / IPS is turned on
Posted by
Grommish on
Sep 12, 2020; 3:18am
URL: https://itus.accessinnov.com/What-speeds-are-you-getting-while-IDS-IPS-is-turned-on-tp2159p2162.html
And, just like that, by turning it to Active rather than Passive, I picked up a bit of throughput:

root@OpenWrt:/etc/snort# snort -v -c /etc/snort/snort.lua -i eth0:br-lan --daq-dir /usr/lib/daq --daq afpacket --daq-var debug --daq-var fanout_type=hash --daq-var fanout_flag=defrag -A alert_full --tweaks talos -Q -D
--------------------------------------------------
o")~ Snort++ 3.0.0-247
--------------------------------------------------
Loading /etc/snort/snort.lua:
ips
dce_http_proxy
wizard
pop
ftp_server
ssl
stream_icmp
ftp_data
dnp3
alerts
telnet
latency
profiler
dce_udp
alert_fast
daq
classifications
imap
references
binder
appid
ftp_client
smtp
gtp_inspect
port_scan
dce_tcp
back_orifice
ssh
rpc_decode
normalizer
stream_tcp
modbus
http2_inspect
http_inspect
arp_spoof
stream_user
stream_udp
stream_ip
stream_file
stream
dce_http_server
dce_smb
sip
file_id
dns
Finished /etc/snort/snort.lua.
Loading builtin:
Finished builtin.
Loading /etc/snort/snort3-community-rules/snort3-community.rules:
Finished /etc/snort/snort3-community-rules/snort3-community.rules.
--------------------------------------------------
rule counts
total rules loaded: 1300
text rules: 829
builtin rules: 471
option chains: 1300
chain headers: 46
--------------------------------------------------
port rule counts
         tcp   udp  icmp   ip
any      534     3     0    0
src      124     3     0    0
dst      539    98     0    0
both       0     1     0    0
total   1197   105     0    0
--------------------------------------------------
flowbits
defined: 20
not checked: 11
not set: 3
--------------------------------------------------
service rule counts - tcp to-srv to-cli
dns: 1 0
ftp: 7 2
ftp-data: 0 8
http: 485 92
imap: 0 8
irc: 4 1
netbios-ssn: 15 1
pop3: 0 8
smtp: 16 0
ssl: 14 31
telnet: 1 0
total: 543 151
--------------------------------------------------
service rule counts - udp to-srv to-cli
dns: 88 2
http: 4 0
total: 92 2
--------------------------------------------------
fast pattern port groups src dst any
packet: 13 24 2
--------------------------------------------------
fast pattern service groups to-srv to-cli
packet: 10 6
key: 1 0
header: 1 4
body: 1 0
file: 2 4
--------------------------------------------------
search engine
instances: 65
patterns: 2719
pattern chars: 49786
num states: 38972
num match states: 2649
memory scale: MB
total memory: 1.04895
pattern memory: 0.151139
match list memory: 0.384735
transition memory: 0.505138
Binder
Wizard
Normalizer config:
ip4.base: on
ip4.df: off
ip4.rf: off
ip4.tos: off
ip4.trim: off
ip4.ttl: on (min=1, new=5)
icmp4: off
icmp6: off
tcp.ecn: off
tcp.block: on
tcp.rsv: on
tcp.pad: on
tcp.req_urg: on
tcp.req_pay: on
tcp.req_urp: on
tcp.urp: on
tcp.opt: on (allow )
tcp.ips: on
tcp.trim_syn: off
tcp.trim_rst: off
tcp.trim_win: off
tcp.trim_mss: off
Stream ICMP config:
Timeout: 30 seconds
Stream IP config:
Timeout: 30 seconds
Defrag engine config:
engine-based policy: LINUX
Fragment timeout: 30 seconds
Fragment min_ttl: 1
Max frags: 8192
Max overlaps: 0
Min fragment Length: 0
Stream UDP config:
Timeout: 30 seconds
Stream user config:
Timeout: 30 seconds
Stream TCP Policy config:
Reassembly Policy: bsd
Timeout: 30 seconds
Maximum number of bytes to queue per session: 1048576
Maximum number of segs to queue per session: 2621
Require 3-Way Handshake: NO
back_orifice
arpspoof configured
HttpInspect
DNS
POP config:
Base64 Decoding: Enabled
Base64 Decoding Depth: 1460
Quoted-Printable Decoding: Enabled
Quoted-Printable Decoding Depth: 1460
Unix-to-Unix Decoding: Enabled
Unix-to-Unix Decoding Depth: 1460
Non-Encoded MIME attachment Extraction: Enabled
Non-Encoded MIME attachment Extraction Depth: 1460
SIP config:
Max number of dialogs in a session: 4 (Default)
Ignore media channel: DISABLED
Max URI length: 256 (Default)
Max Call ID length: 256 (Default)
Max Request name length: 20 (Default)
Max From length: 256 (Default)
Max To length: 256 (Default)
Max Via length: 1024 (Default)
Max Contact length: 256 (Default)
Max Content length: 1024 (Default)
Methods:
invite cancel ack bye register options
DCE SMB config:
Defragmentation: ENABLED
Max Fragment length: 65535
Policy : WinXP
Reassemble Threshold : 0
SMB fingerprint policy : Disabled
Maximum SMB command chaining: 3
Maximum SMB compounded requests: 3
SMB file inspection: Disabled
SMB valid versions : all
ftp_server:
Check for Telnet Cmds: OFF
Ignore Telnet Cmd Operations: OFF
Ignore open data channels: NO
Check for Encrypted Traffic: OFF
Continue to check encrypted data: NO
SSL config:
DNP3 config:
Check CRC: DISABLED
TELNET CONFIG:
Are You There Threshold: -1
Normalize: NO
Check for Encrypted Traffic: OFF
Continue to check encrypted data: NO
DCE UDP config:
Defragmentation: ENABLED
Max Fragment length: 65535
SMTP Config:
Normalize: none
Ignore Data: No
Ignore TLS Data: No
Max Command Line Length: Unlimited
Max Specific Command Line Length: None
Max Header Line Length: Unlimited
Max Auth Command Line Length: 1000
Max Response Line Length: Unlimited
X-Link2State Enabled: Yes
Drop on X-Link2State Alert: No
Alert on commands: None
Base64 Decoding: Enabled
Base64 Decoding Depth: 1464
Quoted-Printable Decoding: Enabled
Quoted-Printable Decoding Depth: 1464
Unix-to-Unix Decoding: Enabled
Unix-to-Unix Decoding Depth: 1464
Non-Encoded MIME attachment Extraction: Enabled
Non-Encoded MIME attachment Extraction Depth: 1464
Log Attachment filename: Enabled
Log MAIL FROM Address: Not Enabled
Log RCPT TO Addresses: Not Enabled
Log Email Headers: Not Enabled
Http2Inspect
IMAP config:
Base64 Decoding: Enabled
Base64 Decoding Depth: 1460
Quoted-Printable Decoding: Enabled
Quoted-Printable Decoding Depth: 1460
Unix-to-Unix Decoding: Enabled
Unix-to-Unix Decoding Depth: 1460
Non-Encoded MIME attachment Extraction: Enabled
Non-Encoded MIME attachment Extraction Depth: 1460
rpc_decode
SSH config:
Max Encrypted Packets: 25
Max Server Version String Length: 80
MaxClientBytes: 19600
DCE TCP config:
Defragmentation: ENABLED
Max Fragment length: 65535
Policy : WinXP
Reassemble Threshold : 0
AppId Configuration
Detector Path: (null)
[ 3181.127107] device br-lan entered promiscuous mode
appStats Logging: disabled
appStats Period: 300 secs
appStats Rollover Size: 20971520 bytes
appStats Rollover time: 86400 secs
Portscan Detection Config:
Detect Protocols: TCP UDP ICMP IP
Detect Scan Type: portscan portsweep decoy_portscan distributed_portscan
Memcap (in bytes): 1048576
Number of Nodes: 6898
--------------------------------------------------
afpacket DAQ configured to inline.
initializing daemon mode
child process is 4051
Commencing packet processing
++ [0] eth0:br-lan
root@OpenWrt:/etc/snort# Version: 1
Header Length: 32
AFPacket Layout:
Frame Size: 1584
Frames: 21180
Block Size: 32768 (Order 3)
Blocks: 1059
Created a ring of type 5 with total size of 34701312
AFPacket Layout:
Frame Size: 1584
Frames: 21180
Block Size: 32768 (Order 3)
Blocks: 1059
[ 3181.211105] device eth0 entered promiscuous mode
Created a ring of type 13 with total size of 34701312
Version: 1
Header Length: 32
AFPacket Layout:
Frame Size: 1584
Frames: 21180
Block Size: 32768 (Order 3)
Blocks: 1059
Created a ring of type 5 with total size of 34701312
AFPacket Layout:
Frame Size: 1584
Frames: 21180
Block Size: 32768 (Order 3)
Blocks: 1059
Created a ring of type 13 with total size of 34701312
Running Itus Shield v2 Firmware
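As an added example (not part of Grommish's post and not Snort's own code), here is a small Python parser for a Snort 3 startup log like the one above. It pulls out what a defender wants to confirm after a restart: that the DAQ came up inline, how many rules loaded, which interfaces the kernel put into promiscuous mode, and how much memory the afpacket rings reserved. The sample log is a constructed excerpt of the output above with the interleaved kernel messages kept as the console mixed them in; the ring-type names assume the Linux af_packet socket options PACKET_RX_RING (5) and PACKET_TX_RING (13).

```python
import re

# Excerpt of the Snort 3 startup output quoted in the post above, used here
# as a constructed sample; the kernel "promiscuous mode" messages are left
# interleaved exactly as the console mixed them into Snort's own lines.
SAMPLE = """\
o")~ Snort++ 3.0.0-247
rule counts
total rules loaded: 1300
appSt[ 3181.127107] device br-lan entered promiscuous mode
ats Logging: disabled
afpacket DAQ configured to inline.
++ [0] eth0:br-lan
Created a ring of type 5 with total size of 34701312
Created a ring of [ 3181.211105] device eth0 entered promiscuous mode
type 13 with total size of 34701312
Created a ring of type 5 with total size of 34701312
Created a ring of type 13 with total size of 34701312
"""

# A kernel message plus the newline that followed it; removing both glues the
# interrupted Snort line back together ("appSt" + "ats Logging", "ring of" + "type 13").
KMSG = re.compile(r"\[ *\d+\.\d+\] device (\S+) entered promiscuous mode\n?")
# Linux af_packet socket option numbers behind "Created a ring of type N".
RING_TYPES = {5: "PACKET_RX_RING", 13: "PACKET_TX_RING"}


def parse_snort_startup(text):
    """Summarise a Snort 3 startup log: version, DAQ mode, rule count,
    promiscuous interfaces, and the afpacket rings with their total size."""
    promisc = KMSG.findall(text)
    clean = KMSG.sub("", text)
    summary = {"promisc_ifaces": promisc, "rings": []}
    m = re.search(r"Snort\+\+ (\S+)", clean)
    summary["version"] = m.group(1) if m else None
    m = re.search(r"DAQ configured to (\w+)", clean)
    summary["daq_mode"] = m.group(1) if m else None
    m = re.search(r"total rules loaded: (\d+)", clean)
    summary["rules"] = int(m.group(1)) if m else 0
    for ring_type, size in re.findall(r"ring of type (\d+) with total size of (\d+)", clean):
        name = RING_TYPES.get(int(ring_type), "type " + ring_type)
        summary["rings"].append((name, int(size)))
    # Inline afpacket creates one RX and one TX ring per interface of the pair.
    summary["ring_bytes"] = sum(size for _, size in summary["rings"])
    return summary


def is_inline_on(summary, ifaces):
    """True when the DAQ is inline and every expected interface went promiscuous."""
    return summary["daq_mode"] == "inline" and set(ifaces) <= set(summary["promisc_ifaces"])
```

Note the four rings: with eth0:br-lan inline, each interface gets an RX and a TX ring of 34701312 bytes, about 139 MB in total, which is worth checking against free memory on a small router before enabling inline mode.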