[Oisf-users] (no subject)
Travel Factory S.r.l.
mc8647 at mclink.it
Mon Mar 24 13:14:36 UTC 2014
Ok, right, what do I want to achieve ?
We want to be able to check lan traffic for malware and to store file
types usually used to spread malware: exes, java, pdf....
We'd like to enable md5 logging/checking and we probably will setup
something for running the exe in a sandbox...
Up until now we had several problems that I thought were solved.
Suricata was on autopilot. Due to a change in lan configuration I was
back to it and noticed that we were still losing some packets... or,
to be more correct, files filestored on disk were incomplete,
So I created a small script with 30 lines of wget of a file on a
server I own outside this lan. Running in when lan traffic was under
120mbit (early morning or late evening) all files were stored
correctly. As soon lan traffic increased I started to get corrupted
files. With a peak traffic of 500mbit I got just a handfull of files
This happened till a couple of hours ago... now I probably found
something that helped me a lot, I will post a new message soon.
More information about the Oisf-users