[Discussion] Can I use Suricata in a local network?

Leonard Jacobs ljacobs at netsecuris.com
Mon Dec 22 17:16:02 UTC 2014


You could also use Suricata set up to run in af-packet mode to perform IPS. I find it more efficient than using Suricata with iptables for dropping malicious packets. We have been using af-packet IPS mode for a long time.
 
https://home.regit.org/2012/09/new-af_packet-ips-mode-in-suricata/

Don’t forget: if you want to drop a packet, then the signature needs to be changed from alert to drop.
 
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Packet_Acquisition_API
 
From: discussion-bounces at lists.openinfosecfoundation.org [mailto:discussion-bounces at lists.openinfosecfoundation.org] On Behalf Of Menerick, John
Sent: Monday, December 22, 2014 11:07 AM
To: Jason Long; discussion at lists.openinfosecfoundation.org
Subject: Re: [Discussion] Can I use Suricata in a local network?
 

Yes, you can. How you do it depends on the scale of your local network, equipment, and other information technology challenges. https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Setting_up_IPSinline_for_Linux is one such example. For instance, if you need to scale far beyond a Linux router, then you will augment your blocking with remote calls into your network equipment to enact the change.


Warmly,

John Menerick
Security at NetSuite
http://www.securesql.info

-----Original Message-----
From: discussion-bounces at lists.openinfosecfoundation.org [mailto:discussion-bounces at lists.openinfosecfoundation.org] On Behalf Of Jason Long
Sent: Monday, December 22, 2014 2:44 AM
To: discussion at lists.openinfosecfoundation.org
Subject: [Discussion] Can I use Suricata in a local network?

Hello Folks.
How are you?
Excuse me, I want to know: can I use Suricata-IDS in a local network to block bad users in my network and prevent them from attacking my servers?
Excuse me if my question is vague.

Cheers.
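
The alert-to-drop change mentioned in the reply at the top of this thread, as an added example that is not part of the original messages: a small Python helper that switches only selected signatures from `alert` to `drop` and leaves disabled (commented-out) rules alone. The rules, SIDs and the function name `to_drop` are constructed for illustration, and it assumes Suricata is running inline (for instance in af-packet IPS mode, as described in the reply).

```python
import re

# Matches an enabled rule whose action is "alert" and captures its sid.
# Lines starting with "#" (disabled rules) do not match and stay untouched.
RULE_RE = re.compile(
    r'^alert(?P<rest>\s+\S+\s.*\bsid\s*:\s*(?P<sid>\d+)\s*;.*)$'
)

# Constructed sample rules (not from any real ruleset).
SAMPLE_RULES = """\
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"CONSTRUCTED ssh probe"; flow:to_server; sid:1000001; rev:1;)
alert icmp any any -> $HOME_NET any (msg:"CONSTRUCTED icmp seen"; sid:1000002; rev:1;)
# alert tcp any any -> $HOME_NET 23 (msg:"CONSTRUCTED disabled rule"; sid:1000003; rev:1;)
"""


def to_drop(rules_text, drop_sids):
    """Return (new_text, changed_sids).

    Rules whose sid is in drop_sids get their action changed from
    alert to drop; every other line is passed through unchanged.
    """
    out, changed = [], []
    for line in rules_text.splitlines():
        m = RULE_RE.match(line.strip())
        if m and int(m.group('sid')) in drop_sids:
            out.append('drop' + m.group('rest'))
            changed.append(int(m.group('sid')))
        else:
            out.append(line)
    return '\n'.join(out) + '\n', changed


if __name__ == '__main__':
    # Ask for 1000001 (enabled) and 1000003 (disabled): only the
    # enabled rule is converted, so nothing gets switched on by accident.
    new_text, changed = to_drop(SAMPLE_RULES, {1000001, 1000003})
    print(new_text)
    print('converted sids:', changed)
```

Reviewing the list of converted SIDs before reloading the ruleset shows exactly which signatures will start blocking traffic.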