[Oisf-users] How to detect one way flows

Qinwen Hu qhu009 at aucklanduni.ac.nz
Thu Oct 8 09:34:27 UTC 2015


Hi all,

I am trying to use Suricata to detect one-way flows in our network environment. I
have enabled the flow module in eve-log. But my Suricata only runs for 1s
recording the flow and then stops detecting the one-way flow. Does anyone
know the reason?


I also tried to define a new signature for detecting a one-way flow. I
created a new signature:

alert ipv6 any any -> any any (msg:"IPv6 one way flow"; flow:stateless;
sid:2900096; rev:1;)

Again, I didn't observe any IPv6 one-way flows. We have used another tool in
the same environment, and we can detect IPv6 one-way flows using that tool.

I am just wondering how to use Suricata to detect a one-way flow. Can anyone
help me with this?


Many thanks


Steven
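The place where Suricata actually exposes per-direction counters is the EVE "flow" event type (written to eve.json when the flow output is enabled, at the moment a flow times out or is flushed): each record carries flow.pkts_toserver and flow.pkts_toclient, so a one-way flow is one whose counter in one direction is zero. The following is an added example, not code from the post above or from the Suricata project, that reads eve.json lines and reports such flows, optionally only for IPv6. The sample eve.json lines are constructed for the example; the field names used (event_type, src_ip, dest_ip, proto, flow.pkts_toserver, flow.pkts_toclient, flow.state, flow.reason) are Suricata's EVE flow fields, while the /var/log/suricata/eve.json path in the usage note is assumed to be the default install location.

```python
import ipaddress
import json
from typing import Dict, Iterable, Iterator, List

# Constructed sample eve.json lines (not records from the original post).
# Field names follow Suricata's EVE "flow" event type; flow.pkts_toserver and
# flow.pkts_toclient are the per-direction packet counters a one-way check needs.
SAMPLE_EVE = "\n".join([
    # IPv6 UDP flow: three packets to the server, nothing ever came back.
    json.dumps({"timestamp": "2015-10-08T09:30:01.123456+0000", "flow_id": 1,
                "event_type": "flow", "src_ip": "2001:db8::10", "src_port": 51234,
                "dest_ip": "2001:db8::53", "dest_port": 53, "proto": "UDP",
                "flow": {"pkts_toserver": 3, "pkts_toclient": 0,
                         "bytes_toserver": 240, "bytes_toclient": 0,
                         "start": "2015-10-08T09:29:55.000000+0000",
                         "end": "2015-10-08T09:29:58.000000+0000",
                         "age": 3, "state": "new", "reason": "timeout"}}),
    # IPv4 TCP flow with traffic in both directions: not one-way.
    json.dumps({"timestamp": "2015-10-08T09:30:02.000000+0000", "flow_id": 2,
                "event_type": "flow", "src_ip": "192.0.2.10", "src_port": 40000,
                "dest_ip": "192.0.2.80", "dest_port": 80, "proto": "TCP",
                "flow": {"pkts_toserver": 12, "pkts_toclient": 10,
                         "bytes_toserver": 1500, "bytes_toclient": 9000,
                         "start": "2015-10-08T09:29:50.000000+0000",
                         "end": "2015-10-08T09:29:55.000000+0000",
                         "age": 5, "state": "closed", "reason": "timeout"}}),
    # IPv4 TCP SYN that was never answered (typical of a scan or a filtered port).
    json.dumps({"timestamp": "2015-10-08T09:30:03.000000+0000", "flow_id": 3,
                "event_type": "flow", "src_ip": "192.0.2.10", "src_port": 40001,
                "dest_ip": "192.0.2.81", "dest_port": 22, "proto": "TCP",
                "flow": {"pkts_toserver": 1, "pkts_toclient": 0,
                         "bytes_toserver": 74, "bytes_toclient": 0,
                         "start": "2015-10-08T09:29:59.000000+0000",
                         "end": "2015-10-08T09:29:59.000000+0000",
                         "age": 0, "state": "new", "reason": "timeout"}}),
    # An alert record: not a flow event, must be ignored.
    json.dumps({"timestamp": "2015-10-08T09:30:04.000000+0000", "flow_id": 4,
                "event_type": "alert", "src_ip": "192.0.2.10",
                "dest_ip": "192.0.2.80", "proto": "TCP"}),
    # A corrupt / partially written line, as seen at the tail of a live eve.json.
    "this line is not JSON",
    # IPv6 TCP flow with traffic in both directions: not one-way.
    json.dumps({"timestamp": "2015-10-08T09:30:05.000000+0000", "flow_id": 5,
                "event_type": "flow", "src_ip": "2001:db8::10", "src_port": 51235,
                "dest_ip": "2001:db8::443", "dest_port": 443, "proto": "TCP",
                "flow": {"pkts_toserver": 8, "pkts_toclient": 7,
                         "bytes_toserver": 900, "bytes_toclient": 4000,
                         "start": "2015-10-08T09:29:40.000000+0000",
                         "end": "2015-10-08T09:29:48.000000+0000",
                         "age": 8, "state": "closed", "reason": "timeout"}}),
])


def iter_flow_events(lines: Iterable[str]) -> Iterator[Dict]:
    """Yield only event_type == "flow" records, skipping blank and corrupt lines."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # half-written line while Suricata is still appending
        if event.get("event_type") == "flow":
            yield event


def one_way_direction(event: Dict) -> str:
    """Return "toserver" or "toclient" for a one-way flow, "" otherwise."""
    flow = event.get("flow", {})
    to_server = flow.get("pkts_toserver", 0)
    to_client = flow.get("pkts_toclient", 0)
    if to_server > 0 and to_client == 0:
        return "toserver"
    if to_client > 0 and to_server == 0:
        return "toclient"
    return ""  # both directions seen (or an empty record)


def is_ipv6(addr: str) -> bool:
    try:
        return ipaddress.ip_address(addr).version == 6
    except ValueError:
        return False


def find_one_way_flows(lines: Iterable[str], ipv6_only: bool = False) -> List[Dict]:
    """Summarise every one-way flow record found in the given eve.json lines."""
    found = []
    for event in iter_flow_events(lines):
        if ipv6_only and not is_ipv6(event.get("src_ip", "")):
            continue
        direction = one_way_direction(event)
        if not direction:
            continue
        flow = event["flow"]
        found.append({
            "flow_id": event.get("flow_id"),
            "proto": event.get("proto"),
            "src": f"{event.get('src_ip')}:{event.get('src_port', '')}",
            "dest": f"{event.get('dest_ip')}:{event.get('dest_port', '')}",
            "direction": direction,
            "pkts": flow.get("pkts_toserver", 0) + flow.get("pkts_toclient", 0),
            "state": flow.get("state"),
            "reason": flow.get("reason"),
        })
    return found


if __name__ == "__main__":
    for hit in find_one_way_flows(SAMPLE_EVE.splitlines(), ipv6_only=True):
        print(hit)
```

Against a live sensor the same function takes an open file, e.g. `find_one_way_flows(open("/var/log/suricata/eve.json"))` (path assumed to be the default). Two caveats matter in practice: a flow record is only written when the flow times out, so a short run will show very few of them until the flow timeouts have expired; and a sensor fed from a tap or SPAN that only sees one direction of traffic (asymmetric routing) will report every flow as one-way, so confirm that bidirectional flows do appear before trusting the result.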