[Oisf-users] Couple of Questions...

Victor Julien victor at inliniac.net
Sat Nov 19 14:03:41 UTC 2011


On 11/18/2011 09:22 PM, Brant Wells wrote:
> Hi All,
> 
> I have a couple of questions about Suricata usage...
> 
> 1) Does anybody know where I can find a good example threshold.config?

Currently we don't have any available. We have an open ticket for it
here: https://redmine.openinfosecfoundation.org/issues/302

The ticket contains an example; I believe it comes from Snort.

> 2) I would like to run Suricata out-of-line for a few weeks to test a few
> things.  I know that Snort has the ability to send reset packets or
> something like that to block attacks, if I remember right...  Can Suricata
> be configured this way as well?

Yes, make sure you have libnet 1.1 installed. Then you should be able to
use the "reject" keyword in rules instead of "alert" or "drop".

Cheers,
Victor

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
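
A sketch of the two things discussed in this thread, added here as an illustration; it is not part of Victor's message or of the example in the ticket. The SIDs, ports and the 192.0.2.10 address are constructed, and the threshold.config lines follow the Snort-style syntax Suricata documents, so check them against the version you run.

```conf
# --- local.rules (constructed rules, SIDs taken from the local range) ---

# Alert only: the event is logged, the traffic is untouched.
alert tcp $EXTERNAL_NET any -> $HOME_NET 23 (msg:"LOCAL inbound telnet"; flow:to_server,established; sid:1000001; rev:1;)

# Reject: the event is logged and the sensor actively tears the session
# down (TCP RST for TCP, ICMP unreachable for other protocols).
# Requires Suricata built with libnet 1.1, as noted in the reply above.
reject tcp $EXTERNAL_NET any -> $HOME_NET 23 (msg:"LOCAL inbound telnet rejected"; flow:to_server,established; sid:1000002; rev:1;)

# --- threshold.config (constructed entries) ---

# Rate-limit a noisy signature: at most one alert per source address
# every 60 seconds for sid 1000001.
threshold gen_id 1, sig_id 1000001, type limit, track by_src, count 1, seconds 60

# Silence sid 1000001 entirely for one known source, for example an
# internal vulnerability scanner (documentation address used here).
suppress gen_id 1, sig_id 1000001, track by_src, ip 192.0.2.10
```

When the sensor runs out-of-line, the reset packets only reach both endpoints if the host can route packets to them, so confirm on a test connection that the session is actually torn down before relying on `reject`.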



