[Oisf-users] Suricata IPS ???
Cooper F. Nelson
cnelson at ucsd.edu
Fri Oct 31 19:02:08 UTC 2014
I wouldn't use suricata to prevent DOS attacks, I would use a firewall.
I haven't tried it with suricata, but there is an open-source project to
automate this with snort:
http://www.snortsam.net/
Take care to only block DOS attacks where you are confident of the
source address!
-Coop
On 10/31/2014 11:55 AM, Jeripotula, Shashiraj wrote:
> Thanks Coop,
>
> For the immediate response.
>
> Anoop mentioned the same thing.
>
> But, there are so many rules, so many alerts. Which one to change to drop?
>
> What is the efficient way of using Suricata as IPS and preventing DoS attacks?
>
> Thanks
>
> Raj
>
--
Cooper Nelson
Network Security Analyst
UCSD ACT Security Team
cnelson at ucsd.edu x41042