[Oisf-users] suricata IPS what to drop rules help

Victor Julien lists at inliniac.net
Fri Jun 21 21:57:51 UTC 2013

On 06/21/2013 09:19 PM, bella mouna wrote:
> Well I have installed suricata with NFQ to work as an IPS.
> I am going to test some evasions techniques  on my IPS using http-phpBB exploit
> What kind of rules should I put to drop???
> any ideas

Yeah. Why don't you start with dropping none. Then you run your tests
and see what alerts. That should give you a clue about which rules you
can convert to drop. Also, it will possibly tell you which classes of
rules you could try converting to drop.

Victor Julien
PGP: http://www.inliniac.net/victorjulien.asc

More information about the Oisf-users mailing list