Is there any way to upgrade Community version 3.3.22 to version 5 or 6

Fixed it.  Do not know why I did not think of this sooner.

Translate to Section:
Type: IP
Insert IP: < I just added some random IP address that is not in our network. >
Port/Range: Blank
NAT: NAT

Ok so if anyone would read this in the future...

the problem was with community.rules set

while trying to test the config:

snort -T console -q -c /etc/snort/snort.conf -i eht0
ERROR: /var/signatures/snort/processed/custom/snort3-community.rules(16) Unknown rule option: 'service'.
Fatal Error, Quitting..

deleted community rule set trough gui and now everything works !

Hi !

using Endian community 3.3.21 OS on some miniPC with two ethernets.

trying to enable Intrusion detection system but although the switch is green, the status says its OFF.

Is there any bug or additional configuration needed to get this working ?

Or was the support for IDS canceled on community edition ?

Can someone please help ?

Thanks,

David.

Tengo instalado el Endian 3.3.2 pero no bloquea los sitios de youtube.com facebook.com en lista negra en web filter y es transparente, me podría ayudar,  de ante mano muchas gracias

Good Morning,

I'm installed a WiFi card TP-Link AC1200 that uses intel 7265 chip.
This is not recognized ad network wifi card.


the first one is the wifi card.

Any idea?

Thank you

the last one is the card

Hi all.

I am trying to use a third NIC (Apple USB ethernet adaptor) as a second uplink (for failover).  I had this working with a previous but old version of Endian (not the Community Edition).  However, the appropriate module (asix I believe) isn't available in the Community edition (v3.3.19).  

Any advice on how to get this Apple USB NIC (a1277) working with Endian CE?

lsusb shows:

Bus 001 Device 002: ID 05ac:1402 Apple, Inc. Ethernet Adapter [A1277]
Device Descriptor:
  bLength                18
  bDescriptorType         1
  bcdUSB               2.00
  bDeviceClass          255 Vendor Specific Class
  bDeviceSubClass       255 Vendor Specific Subclass
  bDeviceProtocol         0
  bMaxPacketSize0        64
  idVendor           0x05ac Apple, Inc.
  idProduct          0x1402 Ethernet Adapter [A1277]
  bcdDevice            0.01
  iManufacturer           1 Apple Inc.
  iProduct                2 Apple USB Ethernet Adapter
  iSerial                 3 0E429C
  bNumConfigurations      1
  Configuration Descriptor:
    bLength                 9
    bDescriptorType         2
    wTotalLength           39
    bNumInterfaces          1
    bConfigurationValue     1
    iConfiguration          4 0
    bmAttributes         0xa0
      (Bus Powered)
      Remote Wakeup
    MaxPower              250mA
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        0
      bAlternateSetting       0
      bNumEndpoints           3
      bInterfaceClass       255 Vendor Specific Class
      bInterfaceSubClass    255 Vendor Specific Subclass
      bInterfaceProtocol      0
      iInterface              7 0
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x81  EP 1 IN
        bmAttributes            3
          Transfer Type            Interrupt
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0008  1x 8 bytes
        bInterval              11
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x82  EP 2 IN
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0200  1x 512 bytes
        bInterval               0
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x03  EP 3 OUT
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0200  1x 512 bytes
        bInterval               0
Device Qualifier (for other device speed):
  bLength                10
  bDescriptorType         6
  bcdUSB               2.00
  bDeviceClass          255 Vendor Specific Class
  bDeviceSubClass       255 Vendor Specific Subclass
  bDeviceProtocol         0
  bMaxPacketSize0         8
  bNumConfigurations      1
Device Status:     0x0000
  (Bus Powered)


Thanks.
HL

I could only manage to block requests from an IP pool by making a rule in Port Forwarding / Destination NAT.

Like:

Incoming IP: Uplink ANY
Translate to: A Local IP which takes most of the malicious requests. (Some docs say you can leave this empty but actually it wouldn't allow to be set empty.)
NAT: NAT
Filter Policy: DROP
Access From: Network/IP/Range

Is that really the way it should be set? Then I think I didn't understand the use case of Incoming routed traffic.

Hi,

I am creating a new rule to block some IP pools like this;

Source Type: Network/IP
Insert Network/IP: ..0.0/16
Destination: ANY. I also tried Zones -> Green
Service: ANY Protocol: ANY
Policy: DENY

But requests from this IP pool keep coming to the servers behind Endian. How does this really work?

Ok...I edited /etc/ssh/sshd_conf.tmpl and changed the settings there.  That did the trick.

HL