pm1961 Posted April 29, 2020 Share Posted April 29, 2020 A quick one which might help others........... I suddenly developed all sorts of issues with a mature, working flawlessly, multi Echo setup at home..... After a frustrating couple of days of fruitless searching, I bumped into a post on the Netgate forum that suggested Suricata might be the culprit...... I still don't know for sure, but since I disabled it, my Echo devices are all working perfectly again. Some questions are still unresolved..... Suricata was installed some time ago, so why did this problem take so long to manifest itself? I've looked at the alerts log..... nothing in them, or the reverse DNS lookup, points explicilty at anything to do with Amazon or Echo in plain text form..... I'd love to hear any background info if it's out there! Regards, Paul Quote Link to comment
bastl Posted April 30, 2020 Share Posted April 30, 2020 @pm1961 Suricata updates the snort rules depending how often you have set it up to check for new rulesets. It constantly gets updates, filters are added and removed. Maybe one of the newer sets there is a rule that detects parts of the eco communication as malicious and blocks them or drops the packets. I'am using Snort but it's basically the same as Suricata and from time to time I have to adjust the filters and whitlist some. I guess Suricata has a alerts or warning page where you will find the specific rule which gets triggered. 1 Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.