[Oisf-users] HTTP domain whitelist?

Cooper F. Nelson cnelson at ucsd.edu
Thu Jan 23 18:23:36 UTC 2014



On 1/22/2014 11:47 PM, Peter Manev wrote:
> 
> Wouldn't that be able to transfer in some sort of a feature request?
> 

The pass rules meet our requirements precisely.  For the record, I much
prefer the Suricata model of building functionality into the core of the
engine that can be manipulated by a robust language, vs. tacking on
endless static features (like some other IDS products).

Anyways, it turns out that another culprit in our performance issues
over the past few weeks was a few bad IPs SYN flooding us.  Which, btw,
I'll note that Suricata+ETPro didn't detect.

So, if I had a feature request, it would be for more "behavioral" sigs
to detect old-school DOS/flood attacks.

-- 
Cooper Nelson
Network Security Analyst
UCSD ACT Security Team
cnelson at ucsd.edu x41042
