[Oisf-users] HTTP domain whitelist?

Peter Manev petermanev at gmail.com
Sun Jan 26 12:34:24 UTC 2014


On Thu, Jan 23, 2014 at 7:23 PM, Cooper F. Nelson <cnelson at ucsd.edu> wrote:
> On 1/22/2014 11:47 PM, Peter Manev wrote:
>>
>> Wouldn't that be able to transfer into some sort of a feature request?
>>
>
> The pass rules meet our requirements precisely.  For the record, I much
> prefer the suricata model of building functionality into the core of the
> engine that can be manipulated by a robust language, vs. tacking on
> endless static features (like some other IDS products).

I like that too.  I am also fond of the idea of being able to use a
BPF-like filter for domains at the start line as well.

>
> Anyways, it turns out that another culprit in our performance issues
> over the past few weeks was a few bad IPs SYN flooding us.  Which, btw,
> I'll note that suricata+ETPro didn't detect.

Maybe the ETPro mail list would be able to offer some help, if you let
them know about your troubles?

>
> So, if I had a feature request, it would be for more "behavioral" sigs
> to detect old-school DOS/flood attacks.
>
> --
> Cooper Nelson
> Network Security Analyst
> UCSD ACT Security Team
> cnelson at ucsd.edu x41042



-- 
Regards,
Peter Manev


