[Oisf-users] Pass and Drop

Martin Spinassi martins.listz at gmail.com
Wed Jun 16 13:36:37 UTC 2010


On Tue, 2010-06-15 at 13:19 -0400, Brant Wells wrote:

> Hey Guys,
> 
> 
> I've been following this discussion this morning but haven't had a
> chance to reply... 
> 
> If you want to let Suricata pass traffic from your HOME_NET, then why
> add any rules at all?  You can still see what is being done to that host
> via the HTTP logs (both from Suricata and on that host itself).  Then,
> you are free to add any rules that you need in order to detect actual
> attacks...  Or am I misinterpreting what you are trying to accomplish?
> 
> 
> See Yas!
> ~Brant

Hello Brant,

Thanks, I think your mail clarified my question.

The rules should alert or drop based on a specific attack, otherwise,
if no rule matched, Suricata lets it pass, am I right? In that case,
traffic should pass unless an attack is detected, right?

Best regards,

Martin




