[Oisf-users] Can I block DDos attack via Suricata-IDS?
Cooper F. Nelson
cnelson at ucsd.edu
Wed Feb 1 22:28:03 UTC 2017
I was using the automatic feature in the .yaml. I just explicitly
defined it in the rules as well.
Btw, I posted about this earlier, but I'm basically doing a 'prefilter'
for doing file extraction by magic number by building a custom magic.mgc
file. If you only build in the magic numbers you are interested in
matching on, it vastly improves performance (when using the filemagic
keyword).
-Coop
On 2/1/2017 1:04 PM, Peter Manev wrote:
> Coop, you may want to try the prefilter keyword - it should offer a
> performance benefit in your case, I think.
> Couple of examples:
> http://suricata.readthedocs.io/en/latest/rules/prefilter.html
> https://github.com/inliniac/suricata/commit/56239690d041a55ae9c74f6d925d1ae25d48b526
> (feedback is welcome)
--
Cooper Nelson
Network Security Analyst
UCSD ITS Security Team
cnelson at ucsd.edu x41042
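To make the "trimmed magic file" idea above concrete, here is an added example that is not Cooper's actual magic.mgc or any Suricata project code. It shows the text format libmagic compiles (a `file -C -m custom.magic` run produces `custom.magic.mgc`, which suricata.yaml can point at through its `magic-file:` option so that a `filemagic:"PE32 executable";` rule matches the description), and a small Python matcher that implements the same offset/type/value lookup over constructed sample buffers. The entry descriptions, the four sample files and the `parse_magic`/`classify`/`prefilter` helpers are all assumptions for illustration; the point it demonstrates is that every file extraction pays one comparison per table entry, so a four-entry table is far cheaper than the full system database.

```python
"""Toy libmagic-style matcher: parse a trimmed magic source file and classify buffers.

Constructed example, not Suricata or libmagic code. Supports two libmagic entry
types that cover the common cases: 'string' (bytes at an offset, with the octal
escapes libmagic uses) and 'belong' (a 4-byte big-endian unsigned integer).
"""
import codecs
import struct

# Constructed magic source in libmagic text syntax: offset, type, value, description.
# A real file would be compiled with `file -C -m custom.magic` -> custom.magic.mgc.
MAGIC_SOURCE = """
# Only the types we intend to extract; everything else stays out of the table.
0 string MZ PE32 executable
0 string %PDF- PDF document
0 belong 0x7f454c46 ELF executable
0 string PK\\003\\004 Zip archive
"""


def parse_magic(source):
    """Compile the text entries into a list of (offset, pattern_bytes, description)."""
    rules = []
    for line in source.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        offset, mtype, value, desc = line.split(None, 3)
        offset = int(offset, 0)
        if mtype == "string":
            # libmagic strings use C-style octal escapes such as \003; decode them.
            pattern = codecs.decode(value, "unicode_escape").encode("latin-1")
        elif mtype == "belong":
            pattern = struct.pack(">I", int(value, 0))
        else:
            raise ValueError(f"unsupported magic type: {mtype}")
        rules.append((offset, pattern, desc))
    return rules


def classify(rules, data):
    """Return the description of the first entry whose bytes match, else None.

    Cost is at most len(rules) slice comparisons per buffer, which is why a
    table holding only the entries you care about is much cheaper than the
    full distribution database.
    """
    for offset, pattern, desc in rules:
        if data[offset:offset + len(pattern)] == pattern:
            return desc
    return None


def prefilter(rules, files):
    """Keep only the files that hit an entry, i.e. the ones worth extracting."""
    hits = []
    for name, data in files.items():
        desc = classify(rules, data)
        if desc is not None:
            hits.append((name, desc))
    return hits


# Constructed sample file contents (only the leading bytes matter to the matcher).
SAMPLE_FILES = {
    "installer.bin": b"MZ\x90\x00" + b"\x00" * 60,
    "report.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n",
    "tool": b"\x7fELF\x02\x01\x01\x00",
    "notes.txt": b"plain text, no magic here",
    "bundle.zip": b"PK\x03\x04\x14\x00\x00\x00",
}

if __name__ == "__main__":
    table = parse_magic(MAGIC_SOURCE)
    for name, desc in prefilter(table, SAMPLE_FILES):
        print(f"{name}: {desc}")
```

In Suricata terms, the description column is what the `filemagic` keyword compares against, so the descriptions in a custom table should be the exact strings your rules name; the matcher here returns the first hit, which mirrors why entry order matters when two patterns could both match.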