[Oisf-users] Suricata and DDoS Attack

Leonard Jacobs ljacobs at netsecuris.com
Wed Jan 27 02:00:16 UTC 2016

With one of the networks we monitor, the ISP was under a DDoS attack yesterday.  It appears that Suricata kept functioning the whole time the attack was occurring because we kept seeing events.  However, somewhere along the way the IPS appeared to lock up.  The appliance was rebooted and everything came back to normal.

We run the IPS in AF-Packet mode.  The actual network we monitor was not directly under the DDoS attack but slow Internet response times was experienced.

Is it possible that Suricata was experiencing some resource exhaustion?  Logs did not show anything wrong.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20160126/37d3bc9c/attachment.html>

More information about the Oisf-users mailing list