[Oisf-users] Suricata - Reject in one-arm IPS/IDS mode
Rovnov Pavel
provnov at solidex.by
Sun Mar 22 20:54:51 UTC 2015
Hello!

I'm considering using Suricata as a monitoring solution. The task is to
alert on visits to particular web sites (HTTP or HTTPS). And now I'm
in the planning stage.

I would like to place Suricata out-of-band - a switch will mirror
traffic to Suricata. I would like to log and to reset 'bad' TCP/HTTP
sessions with the REJECT action.

1) Can I use reject when out-of-band?
2) How can I specify the interface to send rejects from? I can't use
a 2-way SPAN port on my switch.

There is something similar to question #2 discussed here
(https://redmine.openinfosecfoundation.org/issues/957) but I can't
understand the description...

Thanks a lot!
/ Pavel