[Oisf-users] Suricata - Reject in one-arm IPS/IDS mode

Rovnov Pavel provnov at solidex.by
Sun Mar 22 20:54:51 UTC 2015



I'm considering using Suricata as a monitoring solution. The task is to
alert on visits to particular web sites (HTTP or HTTPS). I'm now in
the planning stage.


I would like to place Suricata out-of-band - a switch will mirror
traffic to Suricata. I would like to log and to reset 'bad' TCP/HTTP
sessions with the REJECT action.


1) Can I use reject when out-of-band?


2) How can I specify the interface to send rejects from? I can't use
a 2-way SPAN port on my switch.


There is something similar to question #2 discussed here
(https://redmine.openinfosecfoundation.org/issues/957) but I can't
understand the description...


Thanks a lot!


/ Pavel

