[Oisf-users] Suricata IPS ???

Cooper F. Nelson cnelson at ucsd.edu
Fri Oct 31 19:02:08 UTC 2014



I wouldn't use suricata to prevent DOS attacks, I would use a firewall.

I haven't tried it with suricata, but there is an open-source project to
automate this with snort:

http://www.snortsam.net/

Take care to only block DOS attacks where you are confident of the
source address!

-Coop

On 10/31/2014 11:55 AM, Jeripotula, Shashiraj wrote:
> Thanks Coop,
> 
> For the immediate response.
> 
> Anoop mentioned the same thing.
> 
> But, there are so many rules, so many alerts. Which one to change to drop.
> 
> What is the efficient way of using Suricata as IPS and preventing dos attacks.
> 
> Thanks
> 
> Raj
> 

-- 
Cooper Nelson
Network Security Analyst
UCSD ACT Security Team
cnelson at ucsd.edu x41042


