[Oisf-users] Suricata in IPS mode seems to discard some DNS requests.

Andreas Herz andi at geekosphere.org
Fri Jan 29 19:41:56 UTC 2016


On 29/01/16 at 10:35, Matt Keeler wrote:
> My current problem is that Suricata seems to be discarding some
> incoming DNS requests causing SSH logins to be very slow. After
> capturing packets and testing out a few things here is what I have
> found.

Sounds like you can reproduce this quite easily, is it possible to generate a
pcap that triggers this issue every time?
Another idea is to either enable rule profiling or play around with the
rules you use. Even without any rules, to see if it's an issue with
Suricata in general.
I had another issue that resulted in performance drops and was related
to a rule which wasted system resources.

-- 
Andreas Herz


