[Oisf-users] Oisf-users Digest, Vol 87, Issue 29

erik clark philosnef at gmail.com
Thu Feb 23 17:06:56 UTC 2017


Re suricon2017, will there be any stateside cons for suri in 2017? I would
be hard pressed to find a way to get my employer to send me to Europe. :)


On Thu, Feb 23, 2017 at 12:00 PM, <oisf-users-request at lists.openinfosecfoundation.org> wrote:

> Today's Topics:
>
>    1. Re: duplicate signature (Vieri)
>    2. ANNOUNCING SuriCon 2017 - November 15 - 17 (Kelley Misata)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 23 Feb 2017 08:12:20 +0000 (UTC)
> From: Vieri <rentorbuy at yahoo.com>
> To: Oisf-users <oisf-users at lists.openinfosecfoundation.org>
> Subject: Re: [Oisf-users] duplicate signature
> Message-ID: <318153291.4357078.1487837540913 at mail.yahoo.com>
> Content-Type: text/plain; charset=UTF-8
>
>
>
> ----- Original Message -----
>
> From: Victor Julien <lists at inliniac.net>
> >> # grep 5000001 /etc/suricata/rules/*
> >> /etc/suricata/rules/local.rules:drop ip $EXTERNAL_NET any -> $HOME_NET any (msg:"obnoxious GeoIP block"; geoip:src,!US,CA,EU,ES,PT,FR,DE,GB,IT,BE; sid:5000001; rev:1;)
> >
> > Could you be loading the same rule file twice?
>
>
> Right. My bad. I wrongly included the file twice.
>
> By the way, the negating rule example in
> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/GeoIP
> should be used with care. Never use that with alert/drop ip any any -> any
> any or the system will come to a crawl with 100% CPU. I guess that's
> because the suricata equivalent of "geoiplookup <private_ip>" evaluates to
> true when using ! in the rule.
>
> Maybe the line that reads:
> geoip:src,!ES,JP,US,UK,PT;sid:1; --> this will trigger if src IP of the
> packet is not ES or JP or US or UK or PT
> should be changed to:
> geoip:src,!ES,JP,US,GB,PT;sid:1; --> this will trigger if src IP of the
> packet is not ES or JP or US or GB or PT or if it's in a private address
> range
>
> (note that UK doesn't exist - it could be either GB, United Kingdom or UA,
> Ukraine)
>
> Vieri
>
>
> ------------------------------
>
> Message: 2
> Date: Thu, 23 Feb 2017 09:11:23 -0500
> From: Kelley Misata <kmisata at oisf.net>
> To: oisf users <oisf-users at openinfosecfoundation.org>
> Subject: [Oisf-users] ANNOUNCING SuriCon 2017 - November 15 - 17
> Message-ID: <CAEoU0e_nwLztxhGsEtZziiFzMKTq7kp5o7-YMRyT4UR5TEZy5A at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> We are excited to announce the dates and location for the 3rd annual
> Suricata user conference - *SuriCon 2017... mark your calendars and
> register early as SuriCon has sold out 2 years in a row!*
>
> November 15 - 17, 2017
> Hotel Grandior Prague, Na Poříčí 42, 110 00 Praha 1-Florenc, Czechia
> Register <https://suricon2017.eventbrite.com/>
>
> As many of you know, SuriCon every year brings together the Suricata
> community from across the globe for 3 days of talks, dev-roadmap
> discussions, and maybe even some beer.
>
> *"Strong friendly community, technical focus, a wide range of talks." *
> *SuriCon 2016 Attendee*
>
> *Interested in speaking at SuriCon? *
> Get your abstracts ready, call for speakers opens March 1, 2017.
>
> *Show your support of Suricata and SuriCon - become a sponsor!  *
> SuriCon is possible only with the generous support of our sponsors.
> Consider supporting SuriCon and the Suricata community by becoming a
> sponsor today. Also, thanks to great feedback from last year's sponsors and
> attendees we have added a few new levels AND new benefits. Space for some
> sponsorships is limited so don't wait. Check it out!
> <http://suricon.net/sponsorship/>
>
>
> See you in Prague!
> The OISF Team
>
> --
> *Kelley Misata, Ph.D.*
> *Executive Director*
> *kmisata at oisf.net <kmisata at oisf.net>*
> *twitter:@OISFoundation*
> *www.oisf.net <http://www.oisf.net>*
>
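The two problems raised in the quoted "duplicate signature" message (a negated geoip list on an `any any -> any any` rule, and a code such as UK that is not a valid country code) can be checked before rules are loaded. This is an added example, not code from the thread or from Suricata; `lint_rule`, `negated_match`, `KNOWN_CODES` and the sample rules are constructed for illustration, and `negated_match` only models the behaviour the post guesses at for private addresses.

```python
import ipaddress
import re

# Assumption: constructed code list covering the thread's rules; a real check
# would load the country codes of the GeoIP database actually in use.
KNOWN_CODES = {"US", "CA", "EU", "ES", "PT", "FR", "DE", "GB", "IT", "BE", "JP", "UA"}

RULE_RE = re.compile(
    r"^(?P<action>\w+)\s+(?P<proto>\S+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+"
    r"(?:->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s+\((?P<opts>.*)\)\s*$")
GEOIP_RE = re.compile(r"geoip:\s*\w+\s*,\s*(?P<neg>!?)(?P<codes>[A-Za-z,\s]+);")

# Constructed sample input: the rule quoted in the thread and a catch-all variant.
SAMPLE_RULES = [
    'drop ip $EXTERNAL_NET any -> $HOME_NET any (msg:"obnoxious GeoIP block"; '
    'geoip:src,!US,CA,EU,ES,PT,FR,DE,GB,IT,BE; sid:5000001; rev:1;)',
    'alert ip any any -> any any (msg:"constructed"; geoip:src,!ES,JP,US,UK,PT; sid:1;)',
]

def lint_rule(rule):
    """Return warnings for one rule line; empty list if it has no geoip issue."""
    m = RULE_RE.match(rule.strip())
    g = GEOIP_RE.search(m.group("opts")) if m else None
    if not g:
        return []
    warnings = []
    codes = [c.strip().upper() for c in g.group("codes").split(",") if c.strip()]
    unknown = [c for c in codes if c not in KNOWN_CODES]
    if unknown:
        warnings.append("unknown country code: " + ",".join(unknown))
    header = [m.group(k) for k in ("src", "sport", "dst", "dport")]
    if g.group("neg") and all(h == "any" for h in header):
        warnings.append("negated geoip on any any -> any any")
    return warnings

def negated_match(src_ip, codes, country_of):
    """Model of what the post describes: an address with no country is 'not in the list'."""
    private = ipaddress.ip_address(src_ip).is_private
    country = None if private else country_of.get(src_ip)
    return country not in codes

if __name__ == "__main__":
    for line in SAMPLE_RULES:
        print(lint_rule(line) or "ok", "<-", line[:40])
```
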

