My Suricata pfSense suppress list


This list is no longer maintained.

I just moved from Snort to Suricata. The reason for my move is that Snort would die on rules updates every so often on my pfSense firewall. I am not sure of the cause, but I was getting concerned about a false sense of security.

I am not stating that Suricata is better than Snort. Just in my situation, I needed to try something different.

From what I could tell, without a suppress list, Suricata would create a lot of protocol alerts and other false positives produced by SaaS, appliances, Windows updates, and TLS issues. These alerts were caused by standard (and lousy) programming of internet-connected devices at home. Without a suppress list, if IP blocking were turned on, your internet-connected devices would stop working. An example that was major to me was that Windows updates would cause a TLS error. Lookout for my cell phone would be blocked, and the list goes on.


If you decide to use my suppress list, just know that I will side with the functionality of my internet-connected devices rather than the security expert. If you use this suppress list, use it at your own risk.

