[Oisf-users] How do I get IPF mode to, well, P?
    James Moe
    jimoe at sohnen-moe.com
    Sat Mar  5 00:02:16 UTC 2016

Hello,
  opensuse 42.1
  linux 4.1.15-8-default x86_64
  suricata 3.0
  suricata is built in IPF mode using NFQUEUE.
  I see this in <fast.log>, thinking the packet should be dropped:
03/04/2016-13:34:38.972801  [**] [1:2402000:3998] ET DROP Dshield Block Listed Source group 1 [**] [Classification: Misc Attack] [Priority: 2] {TCP} 185.130.5.98:43578 -> 192.168.69.246:587
  <drop.log> is size 0, as always.
  - drop:
      enabled: yes      # no
      filename: drop.log
      append: yes
  My understanding of IPF was that suricata would block, or drop,
certain packets to prevent intrusion. Clearly my understanding is deficient.
  How does suricata actually prevent intrusion?
-- 
James Moe
moe dot james at sohnen-moe dot com
520.743.3936
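Added example, not part of the post or of the Suricata project: a Python helper that checks, for a fast.log alert like the one above, whether Suricata actually dropped the packet (fast.log prints a `[Drop]` marker after the timestamp only when it did, `[wDrop]` in IDS mode) and what action the matching rule carries, since only rules whose action is `drop` or `reject` cause a drop in NFQUEUE mode. The rule text below is a constructed, simplified stand-in for sid 2402000 with the default `alert` action, not the real ET rule.

```python
import re

# fast.log format: "<ts>  [Drop] [**] [gid:sid:rev] <msg> [**] [Classification: ...] ..."
# The "[Drop]" (or "[wDrop]" in IDS mode) marker is present only when the packet was dropped.
FAST_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?:\[(?P<mark>Drop|wDrop)\]\s+)?\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
)
# Rule line: "<action> <proto> <src> <sport> -> <dst> <dport> (...; sid:N; ...)"
RULE_RE = re.compile(r"^\s*(?P<action>alert|drop|reject|pass)\s+\S.*\bsid\s*:\s*(?P<sid>\d+)\s*;")

def parse_fast_line(line):
    """Return sid, msg and the drop marker of one fast.log line, or None if it does not parse."""
    m = FAST_RE.match(line.strip())
    if not m:
        return None
    return {"sid": int(m.group("sid")), "msg": m.group("msg"), "mark": m.group("mark")}

def rule_actions(rules_text):
    """Map sid -> action for every uncommented rule in a rules file."""
    actions = {}
    for raw in rules_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE_RE.match(line)
        if m:
            actions[int(m.group("sid"))] = m.group("action")
    return actions

def explain(line, actions):
    """Classify one alert: 'dropped', 'would-drop' (IDS mode), or 'alert-only' with the rule's action."""
    ev = parse_fast_line(line)
    if ev is None:
        return None
    if ev["mark"] == "Drop":
        return "dropped"
    if ev["mark"] == "wDrop":
        return "would-drop"
    return "alert-only (rule action: %s)" % actions.get(ev["sid"], "unknown")

# Constructed inputs: the alert from the post (re-joined onto one line) and a simplified
# stand-in for sid 2402000 with the default 'alert' action; not the real ET rule text.
POST_LINE = ("03/04/2016-13:34:38.972801  [**] [1:2402000:3998] ET DROP Dshield Block Listed Source group 1 "
             "[**] [Classification: Misc Attack] [Priority: 2] {TCP} 185.130.5.98:43578 -> 192.168.69.246:587")
DROPPED_LINE = POST_LINE.replace("  [**]", "  [Drop] [**]", 1)
RULES = 'alert ip [185.130.5.0/24] any -> $HOME_NET any (msg:"ET DROP Dshield Block Listed Source group 1"; classtype:misc-attack; sid:2402000; rev:3998;)\n'

if __name__ == "__main__":
    acts = rule_actions(RULES)
    print(explain(POST_LINE, acts))     # alert-only (rule action: alert)
    print(explain(DROPPED_LINE, acts))  # dropped
```

Run it against the live fast.log and the loaded rules files to see, per alert, whether the rule is merely alerting or actually dropping.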