Community discussions

 
andrewe02000
newbie
Topic Author
Posts: 25
Joined: Tue Aug 28, 2012 6:33 am

Feature Request: Suricata

Tue Mar 04, 2014 7:23 am

I'm requesting that Suricata be included in ROS 7.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24277
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Feature Request: Suricata

Tue Mar 04, 2014 8:51 am

thank you for the suggestion, we will look into it.
No answer to your question? How to write posts
 
User avatar
EMOziko
Member Candidate
Member Candidate
Posts: 129
Joined: Mon Aug 23, 2010 9:42 pm
Location: Georgia

Re: Feature Request: Suricata

Fri Mar 14, 2014 7:16 pm

+1 for IDS/IPS system. (suricata is the best option).
We want new versions of The Dude!!!!!!!
 
User avatar
shahbazian
Trainer
Trainer
Posts: 166
Joined: Fri Sep 09, 2011 6:22 pm
Location: Iran
Contact:

Re: Feature Request: Suricata

Fri Mar 21, 2014 10:33 pm

+1, In routerOS vacancies IDS/IPS can be seen
Learn MikroTik to improve your network.
( MTCNA, MTCRE, MTCWE, MTCTCE, MTCUME, MTCIPv6E, MTCINE )
MikroTik Certified Trainer & Consultant
RIPE NCC Trainer
 
andrewe02000
newbie
Topic Author
Posts: 25
Joined: Tue Aug 28, 2012 6:33 am

Re: Feature Request: Suricata

Sun Feb 01, 2015 5:09 am

Thank you for listening and looking into it.
 
friction
newbie
Posts: 40
Joined: Sun Aug 26, 2012 1:27 pm
Location: Werchter, Belgium

Re: Feature Request: Suricata

Thu Feb 19, 2015 3:38 pm

+1 for suricata on Mikrotik CCR (and x86 I suppose)

If you can bind that into firewall policies... "action=inspect" etc...
That would be totally fine ;)
I am not a complete idiot, some parts are missing. [CCNA Sec / CCNP / LPIC-1]
 
vortex
Forum Veteran
Forum Veteran
Posts: 714
Joined: Sat Feb 16, 2013 6:10 pm

Re: Feature Request: Suricata

Sun Feb 22, 2015 1:12 pm

+1 This was already asked for.
 
russman
Frequent Visitor
Frequent Visitor
Posts: 53
Joined: Thu May 20, 2010 7:23 pm

Re: Feature Request: Suricata

Fri Mar 06, 2015 4:34 pm

+1 Suricata in ROS 7. Many of my corporate customers are starting to get mandates that all their branch offices have to have firewalls with IDS/IPS built in. I've had to stop deploying MikroTik and have been forced to replace Mikrotik routers because of it. I believe if this isn't implemented Mikrotik with loose traction and in this market. Its a big feather in SonicWall and other venders cap that they can flaunt and talk down about MikroTik when their partners see them in the field.
Last edited by russman on Sat Jun 13, 2015 5:45 am, edited 1 time in total.
 
Solaris
Member Candidate
Member Candidate
Posts: 100
Joined: Thu Apr 29, 2010 5:05 pm

Re: Feature Request: Suricata

Mon Apr 27, 2015 1:32 pm

+1 For these, high priority!
 
russman
Frequent Visitor
Frequent Visitor
Posts: 53
Joined: Thu May 20, 2010 7:23 pm

Re: Feature Request: Suricata

Thu Apr 30, 2015 6:22 pm

Two more requests from corporate customers this week alone, they are being forced to replace their firewalls with units that have IDS/IPS integrated. This should almost be top priority IMHO.
 
barkas
Member Candidate
Member Candidate
Posts: 260
Joined: Sun Sep 25, 2011 10:51 pm

AW: Feature Request: Suricata

Fri May 01, 2015 9:33 am

Mikrotik is a router, not a firewall.
 
friction
newbie
Posts: 40
Joined: Sun Aug 26, 2012 1:27 pm
Location: Werchter, Belgium

Re: Feature Request: Suricata

Fri May 01, 2015 10:50 am

Ok, I get that Mikrotik is focusing on making routers.

But with suricata support for the Tilera architecture, Mikrotik could be exploiting this now to create an IPS.
I am sure it will generate extra revenue, people buying this not because it is a router, but because it becomes a capable IPS.
What is wrong in developing a lightweight security product that fills the needs of smaller companies and smaller branches without breaking the bank?

Should mikrotik remain a router and switching only company? I don`t think so. They don`t have to. But it`s their choice to make.
All we say is this would be a _real_ usable feature, with more usefulness (and market value) in the long run as supporting let`s say samba or cups (in my humble opinion).

Just my 2c.
I am not a complete idiot, some parts are missing. [CCNA Sec / CCNP / LPIC-1]
 
Mandarine
just joined
Posts: 11
Joined: Sat Nov 01, 2014 4:19 pm

Re: Feature Request: Suricata

Fri May 01, 2015 12:37 pm

I'm requesting that Suricata be included in ROS 7.

you can use Suricata right now without waiting

http://robert.penz.name/849/howto-setup ... ta-as-ids/

I use it with Kibana, Elasticsearch and logstash. Take the sniffer tool and make remote logging to your suricata box.
 
friction
newbie
Posts: 40
Joined: Sun Aug 26, 2012 1:27 pm
Location: Werchter, Belgium

Re: Feature Request: Suricata

Mon May 04, 2015 12:55 pm


you can use Suricata right now without waiting

http://robert.penz.name/849/howto-setup ... ta-as-ids/

I use it with Kibana, Elasticsearch and logstash. Take the sniffer tool and make remote logging to your suricata box.
Agreed that that is a possible solution, but I actually want it to be an IPS too, and that is something you can`t solve with sniffer and a remote box, it needs to be inline...
I am not a complete idiot, some parts are missing. [CCNA Sec / CCNP / LPIC-1]
 
russman
Frequent Visitor
Frequent Visitor
Posts: 53
Joined: Thu May 20, 2010 7:23 pm

Re: Feature Request: Suricata

Tue May 12, 2015 5:45 pm

Mikrotik is a router, not a firewall.
That's funny, then whats that whole "Firewall" section for then and why does the factory pre-configuration on most of the desktop models come configured as a firewall.

It may be a grey area to some to call a router with ACLs a firewall but I'm pretty sure a router with ACLs and NAT configured moves it into the class of firewall features, plus so much more. To classify it as a router only based because of the label they gave their OS is asinine. You can call a Mikrotik Router OS box by many names depending on how its configured; router, firewall, proxy, NAS, web cache server, DHCP server, DNS server, hotspot management appliance, Radius server, switch, etc. Heck, I keep one in my backpack that's labeled "network tap".
Last edited by russman on Sat Jun 13, 2015 5:47 am, edited 7 times in total.
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: Feature Request: Suricata

Tue May 12, 2015 6:39 pm

(I bet a SonicWall's performance sucks if too many of its features are turned on at the same time - I have a personal loathing for those boxes, as they always seem to be administered by people who haven't got a clue about networking, their configurations make a mathematician's blackboard look simple and easy-to-read, they break more than just a few services, especially VoIP, and they're way overpriced with their licensing.)
That's funny, whats that whole "Firewall" section for then and why does the factory preconfiguration on most of the desktop models come configured as a firewall.
There's firewalls, and then there's firewalls (to use a southern slang saying - meaning that they're not all created equal).

In RouterOS, There's packet filtering based on all kinds of state / header information. It's pretty robust, actually, but it's mostly limited to headers and states. There ARE layer7 modules in the firewall rule matchers, but alas, doing deep payload inspection and trending based on packet patterns is a much more expensive (cpu-wise) function, and this is where ROS tends to fall behind devices which are much more purpose-built.

Even Cisco made seperate IDS/IPS modules for the ISR line.... because this is one of those heavyweight activities.

If you look in one of these IDS boxes, they almost never have much useful functionality in the networking arena - dynamic routing, mpls, etc - it's just different.

I think an inline IDS that detects threats and uses "port knock" packets or an API connection into the Mikrotik to signal blocking rules would make a dynamite combo.
When given a spoon,
you should not cling to your fork.
The soup will get cold.
 
russman
Frequent Visitor
Frequent Visitor
Posts: 53
Joined: Thu May 20, 2010 7:23 pm

Re: Feature Request: Suricata

Sat Jun 13, 2015 5:13 am

(I bet a SonicWall's performance sucks if too many of its features are turned on at the same time - I have a personal loathing for those boxes, as they always seem to be administered by people who haven't got a clue about networking, their configurations make a mathematician's blackboard look simple and easy-to-read, they break more than just a few services, especially VoIP, and they're way overpriced with their licensing.)
I hate SonicWall as well for many reasons including some you listed. Mikrotik is an amazing platform that just needs a couple more optional packages to round it out and continue to grow in the enterprise market. It would be nice if they beat UBNT to this offering as well.

I should note last week another enterprise customer of mine had to replace their Mikrotiks because upper-management had a security audit and it came back that they had to switch to Cisco for IDS/IPS. Yet another loss of US presence / market share (Federal customer 14 branch offices 3 of which were connected without private fiber via Mikrotik VPN firewalls).
 
josemanuelroma
Trainer
Trainer
Posts: 1
Joined: Thu May 29, 2014 11:30 pm
Location: Spain
Contact:

Re: Feature Request: Suricata

Sat Jun 13, 2015 10:06 am

+1 for IDS.
 
russman
Frequent Visitor
Frequent Visitor
Posts: 53
Joined: Thu May 20, 2010 7:23 pm

Re: Feature Request: Suricata

Sat Aug 01, 2015 12:20 am

Mikrotik,

Due to the continued lack of IDS, IPS or DPI being fully integrated into the router, our company is now looking to transition our customers to the Ubiquiti EdgeOS Routers new DPI offering. I hate to leave this platform but we can't ignore the consumer demand for this feature in enterprise environments. We've already lost too many accounts to other consulting firms offering these features via Cisco and SonicWall after 3rd party HIPAA auditors came through. I'm still a fan and will continue to monitor your progress.

Regards,
Russell
 
rado3105
Member
Member
Posts: 480
Joined: Sat Jan 12, 2008 11:45 pm

Re: Feature Request: Suricata

Wed Nov 18, 2015 10:53 pm

EdgeRouter from Ubiquity becoming very interesting routing platform
https://community.ubnt.com/t5/EdgeMAX-B ... d-id/12377

- it can do DPI and use outputs for routing, QOS....also detects torrents....
 
rado3105
Member
Member
Posts: 480
Joined: Sat Jan 12, 2008 11:45 pm

Re: Feature Request: Suricata

Sun Nov 22, 2015 11:41 am

Better indicator of noise. Noise indicator in status of wireless has no meaning if it does not take in account interference. (ubiquity has great indicator: interference+noise)

Also if it is very noise enviroment, routeros shows noise -113, but this is not real predictor....

Who is online

Users browsing this forum: No registered users and 66 guests