[Oisf-users] Suricata - Reject in one-arm IPS/IDS mode
Rodgers, Anthony (DTMB)
RodgersA1 at michigan.gov
Mon Mar 23 16:17:43 UTC 2015
Why not use a web proxy like squid for this?
--
Anthony Rodgers
Security Analyst
Michigan Security Operations Center (MiSOC)
DTMB, Michigan Cyber Security
From: oisf-users-bounces at lists.openinfosecfoundation.org [mailto:oisf-users-bounces at lists.openinfosecfoundation.org] On Behalf Of Rovnov Pavel
Sent: Sunday, March 22, 2015 16:55
To: oisf-users at lists.openinfosecfoundation.org
Subject: [Oisf-users] Suricata - Reject in one-arm IPS/IDS mode
Hello!
I'm considering to use Suricata as a monitoring solution. The task is to alert on a visits of particular web sites (HTTP or HTTPS). And now I'm in planning stage.
I would like to place Suricata out-of-band - a switch will mirror traffic to Suricata. I would like to log and to reset 'bad' TCP/HTTP sessions with REJECT action.
1) Can I use reject when out-of-band?
2) How can I specify interface to send rejects from? I can't use 2-way SPAN port on my switch.
There is something similar to question #2 discussed here (https://redmine.openinfosecfoundation.org/issues/957) but I can't understand the description...
Thanks a lot!
/ Pavel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20150323/9c097acb/attachment-0002.html>
More information about the Oisf-users
mailing list