[Oisf-users] Suricata inline - rule matching stops

Özkan KIRIK ozkan.kirik at gmail.com
Thu May 22 13:47:09 UTC 2014


I tried with pcap now. But the issue is reproducible.


On Thu, May 22, 2014 at 4:19 PM, Peter Manev <petermanev at gmail.com> wrote:

>
>
>
> On Thu, May 22, 2014 at 3:13 PM, Özkan KIRIK <ozkan.kirik at gmail.com>wrote:
>
>> Hi,
>>
>> I am running Suricata 2.0 release inline mode on FreeBSD.
>> There is single rule as below:
>> drop tls any any -> any any (msg:"SSL: vtunnel.com"; tls.subject:"vtunnel.com"; sid:3230059; rev:1;)
>>
>> At start, everything is fine. I can see drop events on fast.log.
>> After a while (about 2 minutes) Suricata gives up dropping packets. No
>> packets match the rule although I tried to connect to vtunnel.com via https;
>> all traffic is forwarded.
>>
>> No threshold is configured in the yaml file.
>>
>> How can I debug this problem?
>>
>> Best regards,
>>
>> _______________________________________________
>> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
>> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
>> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>> OISF: http://www.openinfosecfoundation.org/
>>
>
>
>
> Is it possible to reproduce/share the issue with a pcap ?
>
> thanks
>
>
> --
> Regards,
> Peter Manev
>
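The question above asks how to debug drop events that stop appearing after about two minutes. Before sending a pcap, a first step is to pin down from fast.log itself when the last match for sid 3230059 occurred and what the drop rate looked like up to that point. The script below is an added example for this thread, not code from the original post or from the Suricata project; the fast.log lines it parses are constructed (documentation-range addresses), and the line layout it assumes, with an optional "[Drop]" marker after the timestamp in inline mode, is that of Suricata 2.x fast.log.

```python
"""Triage helper: parse Suricata 2.x fast.log, count [Drop] events per minute
for one sid, and report how long the rule has been silent.

Added example, not part of the mailing-list thread or of Suricata itself.
SAMPLE_FAST_LOG is constructed for the demonstration."""
import re
from collections import Counter
from datetime import datetime

# Constructed sample: three inline drops for sid 3230059, then one unrelated
# alert 40 seconds later with no further drops (the symptom described above).
SAMPLE_FAST_LOG = """\
05/22/2014-13:40:05.123456  [Drop] [**] [1:3230059:1] SSL: vtunnel.com [**] [Classification: (null)] [Priority: 3] {TCP} 192.0.2.10:51000 -> 198.51.100.7:443
05/22/2014-13:40:41.654321  [Drop] [**] [1:3230059:1] SSL: vtunnel.com [**] [Classification: (null)] [Priority: 3] {TCP} 192.0.2.10:51001 -> 198.51.100.7:443
05/22/2014-13:41:19.000001  [Drop] [**] [1:3230059:1] SSL: vtunnel.com [**] [Classification: (null)] [Priority: 3] {TCP} 192.0.2.11:42000 -> 198.51.100.7:443
05/22/2014-13:41:58.999999  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 198.51.100.9:80 -> 192.0.2.10:51002
"""

# Suricata 2.x fast.log layout (assumed): timestamp, optional "[Drop]" or
# "[wDrop]" action marker in inline mode, then
# "[**] [gid:sid:rev] msg [**] ... {proto} src:port -> dst:port".
LINE_RE = re.compile(
    r'^(?P<ts>\d{2}/\d{2}/\d{4}-\d{2}:\d{2}:\d{2}\.\d+)\s+'
    r'(?:\[(?P<action>Drop|wDrop)\]\s+)?\[\*\*\]\s+'
    r'\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]'
    r'.*\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)$'
)


def parse_fast_log(text):
    """Return one dict per parseable fast.log line; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%m/%d/%Y-%H:%M:%S.%f")
        ev["sid"] = int(ev["sid"])
        ev["dropped"] = ev["action"] == "Drop"   # action is None for plain alerts
        events.append(ev)
    return events


def drops_per_minute(events, sid):
    """Count dropped packets for `sid`, bucketed by minute ("HH:MM")."""
    return Counter(ev["ts"].strftime("%H:%M")
                   for ev in events if ev["sid"] == sid and ev["dropped"])


def last_match(events, sid):
    """Timestamp of the most recent event (drop or alert) for `sid`, or None."""
    hits = [ev["ts"] for ev in events if ev["sid"] == sid]
    return max(hits) if hits else None


def quiet_for(events, sid, now):
    """Seconds between the last match for `sid` and `now`; pass the timestamp
    of the log's last entry to measure silence while other traffic continued."""
    last = last_match(events, sid)
    return None if last is None else (now - last).total_seconds()


if __name__ == "__main__":
    evs = parse_fast_log(SAMPLE_FAST_LOG)
    print("drops per minute:", dict(drops_per_minute(evs, 3230059)))
    print("last match:", last_match(evs, 3230059))
    print("quiet for %.0fs while the log kept growing"
          % quiet_for(evs, 3230059, evs[-1]["ts"]))
```

Against a real deployment, feed it `open("/var/log/suricata/fast.log").read()` (path assumed) and compare the reported last-match time with the moment the https connections to vtunnel.com started going through; that timestamp is the point of interest in the pcap requested above.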