pfsense:suricata:alerts:suricata_stream_packet_with_invalid_timestamp
PFSense - Suricata - Alerts - SURICATA STREAM Packet with invalid timestamp
Disable Hardware Checksum Offloading under System → Advanced → Networking.
Suppress
#SURICATA STREAM Packet with invalid timestamp suppress gen_id 1, sig_id 2210044
NOTE: Try toggling the Hardware Checksum Offloading.
If that does not do it, you can simply disable this particular rule by either clicking the red X icon on the Alerts tab in the GID/SID column, or you can find and selectively disable that rule on the Rules tab for the interface.
See this thread from the official Suricata documentation Wiki for details:
Suricata uses PCAP for packet capture during Legacy Blocking Mode operation, and Netmap for Inline IPS Mode operation.
In both cases, hardware checksum offloading needs to be disabled.
pfsense/suricata/alerts/suricata_stream_packet_with_invalid_timestamp.txt · Last modified: 2021/01/14 17:18 by peter