[Oisf-users] (no subject)

Travel Factory S.r.l. mc8647 at mclink.it
Mon Mar 24 13:14:36 UTC 2014

Ok, right, what do I want to achieve ?

We want to be able to check lan traffic for malware and to store file 
types usually used to spread malware: exes, java, pdf....

We'd like to enable md5 logging/checking and we probably will setup 
something for running the exe in a sandbox...

Up until now we had several problems that I thought were solved. 
 Suricata was on autopilot. Due to a change in lan configuration I was 
back to it and noticed that we were still losing some packets... or, 
to be more correct, files filestored on disk were incomplete, 

So I created a small script with 30 lines of wget of a file on a 
server I own outside this lan. Running in when lan traffic was under 
120mbit (early morning or late evening) all files were stored 
correctly. As soon lan traffic increased I started to get corrupted 
files. With a peak traffic of 500mbit I got just a handfull of files 

This happened till a couple of hours ago... now I probably found 
something that helped me a lot, I will post a new message soon.

More information about the Oisf-users mailing list