[Oisf-users] Suricata IPS ???
Jeripotula, Shashiraj
shashiraj.jeripotula at verizon.com
Fri Oct 31 19:07:06 UTC 2014
Not sure, then, what is the purpose of emerging-dos.rules from emerging threats ???
-----Original Message-----
From: Cooper F. Nelson [mailto:cnelson at ucsd.edu]
Sent: Friday, October 31, 2014 12:02 PM
To: Jeripotula, Shashiraj; oisf-users at lists.openinfosecfoundation.org
Subject: Re: [Oisf-users] Suricata IPS ???
I wouldn't use suricata to prevent DOS attacks, I would use a firewall.
I haven't tried it with suricata, but there is an open-source project to automate this with snort:
http://www.snortsam.net/
Take care to only block DOS attacks where you are confident of the source address!
-Coop
On 10/31/2014 11:55 AM, Jeripotula, Shashiraj wrote:
> Thanks Coop,
>
> For the immediate response.
>
> Anoop mentioned the same thing.
>
> But there are so many rules, so many alerts. Which one to change to drop?
>
> What is the efficient way of using Suricata as IPS and preventing DoS attacks?
>
> Thanks
>
> Raj
>
--
Cooper Nelson
Network Security Analyst
UCSD ACT Security Team
cnelson at ucsd.edu x41042