[Oisf-users] suricata IPS what to drop rules help
Victor Julien
lists at inliniac.net
Fri Jun 21 21:57:51 UTC 2013
On 06/21/2013 09:19 PM, bella mouna wrote:
> Well I have installed suricata with NFQ to work as an IPS.
> I am going to test some evasion techniques on my IPS using http-phpBB exploit
> What kind of rules should I put to drop???
> Any ideas?
Yeah. Why don't you start with dropping none. Then you run your tests
and see what alerts. That should give you a clue about which rules you
can convert to drop. Also, it will possibly tell you which classes of
rules you could try converting to drop.
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
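The workflow in the reply above (run everything as `alert`, look at what fires, then flip only the chosen signatures to `drop`) can be done with a small script rather than by hand. The following is an added example, not code from the thread or from the Suricata project. It assumes the standard fast.log line layout (`[gid:sid:rev]` inside `[**] ... [**]`) and the usual `sid:N;` keyword in rule lines; the rules and fast.log lines embedded here are constructed samples using local-range sids, and the `min_hits` threshold is an assumed review policy, not something Suricata provides.

```python
import re
from collections import Counter

# Constructed sample rules file (sids in the 1000000+ local range); not real signatures.
RULES = """\
# constructed example rules
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"EXAMPLE rule A"; content:"aaa"; sid:1000001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"EXAMPLE rule B"; flow:to_server; sid:1000002; rev:2;)
pass tcp $HOME_NET any -> any any (msg:"EXAMPLE pass rule"; sid:1000003; rev:1;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"EXAMPLE rule C"; content:"ccc"; sid:1000004; rev:1;)
"""

# Constructed fast.log excerpt from an alert-only test run; addresses are documentation ranges.
FAST_LOG = """\
06/21/2013-21:00:01.000000  [**] [1:1000001:1] EXAMPLE rule A [**] [Classification: (null)] [Priority: 3] {TCP} 192.0.2.10:40001 -> 198.51.100.5:80
06/21/2013-21:00:02.000000  [**] [1:1000001:1] EXAMPLE rule A [**] [Classification: (null)] [Priority: 3] {TCP} 192.0.2.10:40002 -> 198.51.100.5:80
06/21/2013-21:00:03.000000  [**] [1:1000004:1] EXAMPLE rule C [**] [Classification: (null)] [Priority: 3] {TCP} 192.0.2.11:40003 -> 198.51.100.5:80
"""

# [gid:sid:rev] as written by fast.log
FAST_SID_RE = re.compile(r"\[(\d+):(\d+):(\d+)\]")

# Action keyword, then the remainder of the rule, which must carry a sid:N; option.
RULE_RE = re.compile(
    r"^(?P<action>alert|drop|pass|reject|rejectsrc|rejectdst|rejectboth)\s+"
    r"(?P<rest>.*\bsid:\s*(?P<sid>\d+)\s*;.*)$"
)


def alerting_sids(fast_log):
    """Count how many times each sid fired in a fast.log capture."""
    counts = Counter()
    for line in fast_log.splitlines():
        m = FAST_SID_RE.search(line)
        if m:
            counts[int(m.group(2))] += 1
    return counts


def select_candidates(counts, min_hits=1):
    """Assumed review policy: only sids that fired at least min_hits times are candidates."""
    return {sid for sid, n in counts.items() if n >= min_hits}


def convert_to_drop(rules_text, sids):
    """Rewrite 'alert' to 'drop' for the given sids only.

    Comments, rules with other actions (pass, reject, ...) and unlisted sids
    are copied through unchanged. Returns (new_rules_text, list_of_changed_sids).
    """
    out, changed = [], []
    for line in rules_text.splitlines():
        m = RULE_RE.match(line.strip())
        if m and m.group("action") == "alert" and int(m.group("sid")) in sids:
            out.append("drop " + m.group("rest"))
            changed.append(int(m.group("sid")))
        else:
            out.append(line)
    return "\n".join(out) + "\n", changed


if __name__ == "__main__":
    hits = alerting_sids(FAST_LOG)
    candidates = select_candidates(hits, min_hits=2)
    new_rules, changed = convert_to_drop(RULES, candidates)
    print("fired:", dict(hits))
    print("converted to drop:", changed)
    print(new_rules)
```

Run it against a real `fast.log` and rules file by reading those files into `FAST_LOG` and `RULES`; the point of the threshold and the explicit `changed` list is that the conversion stays reviewable, so a single noisy test run does not silently turn a whole ruleset into drops.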