[Oisf-users] Can I block DDos attack via Suricata-IDS?

Cooper F. Nelson cnelson at ucsd.edu
Wed Feb 1 22:28:03 UTC 2017

I was using the automatic feature in the .yaml.  I just explicitly
defined it in the rules as well.

Btw, I posted about this earlier, but I'm basically doing a 'prefilter'
for doing file extraction by magic number by building a custom magic.mgc
file.  If you only build in the magic numbers you are interested in
matching on it vastly improves performance (when using the filemagic


On 2/1/2017 1:04 PM, Peter Manev wrote:
> Coop you may want to try the prefilterer keyword -  it should offer
> performance benefit in your case i think.
> Cpl of examples:
> http://suricata.readthedocs.io/en/latest/rules/prefilter.html
> https://github.com/inliniac/suricata/commit/56239690d041a55ae9c74f6d925d1ae25d48b526
> (feedback is welcome)

Cooper Nelson
Network Security Analyst
UCSD ITS Security Team
cnelson at ucsd.edu x41042

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20170201/e59d9086/attachment-0002.sig>

More information about the Oisf-users mailing list