[Oisf-users] Pass and Drop
Will Metcalf
william.metcalf at gmail.com
Thu Jun 17 12:19:44 UTC 2010
> The rules should alert or drop based on a specific attack, otherwise,
> if no rule matched, Suricata lets it pass, am I right? In that case,
> traffic should pass at least an attack is detected, right?
Yes, to answer both questions... At this point, I think we are all
saying the same thing ;-)...
Regards,
Will
On Wed, Jun 16, 2010 at 8:36 AM, Martin Spinassi
<martins.listz at gmail.com> wrote:
> On Tue, 2010-06-15 at 13:19 -0400, Brant Wells wrote:
>
>> Hey Guys,
>>
>>
>> I've been following this discussion this morning but haven't had a
>> chance to reply...
>>
>> If you want to let Suricata pass traffic from your HOME_NET, then why
>> add any rules at all? You can still see what is being done to that host
>> via the HTTP logs (both from Suricata and on that host itself). Then,
>> you are free to add any rules that you need in order to detect actual
>> attacks... Or am I misinterpreting what you are trying to accomplish?
>>
>>
>> See Yas!
>> ~Brant
>
> Hello Brant,
>
> Thanks, I think your mail clarified my question.
>
> The rules should alert or drop based on a specific attack, otherwise,
> if no rule matched, Suricata lets it pass, am I right? In that case,
> traffic should pass at least an attack is detected, right?
>
> Best regards,
>
> Martin
>
>
>