So off and on while playing with Security Onion and Squert over the past several months, I have come across the dreaded “PHP Fatal error: Allowed memory size of X bytes exhausted (tried to allocate Y bytes) in /var/www/squert/.inc/callback.php” error when pulling up a full PCAP in either ELSA or…
So last night while playing around with my router trying to get it running as an OpenVPN Server (which was nothing but an all-day, bang-your-head-against-the-wall kind of experience since, from what I can tell reading multiple sites about Mikrotik, does not have a solid OpenVPN server package) I noticed this…
So the other day while reviewing alerts in Squert I noticed a lot of alerts triggering for ‘ET POLICY SSLv3 outbound connection from client vulnerable to POODLE attack.’ The rule for this is: alert tcp $EXTERNAL_NET [443,465,993,995,25] -> $HOME_NET any (msg:”ET POLICY SSLv3 outbound connection from client vulnerable to POODLE…