[Oisf-users] Can I block DDos attack via Suricata-IDS?

Oliver Humpage oliver at watershed.co.uk
Mon Jan 30 12:13:22 UTC 2017


> On 30 Jan 2017, at 11:58, Jason Long <hack3rcon at yahoo.com> wrote:
> 
> Hello.
> Can I use Suricata-IDS to block DDoS attacks?

If you mean protect yourself when under attack from one, no: if the DDoS traffic is on your network, you’ve already lost. Blocking should be done at your upstream ISP, usually by re-routing traffic to a scrubbing centre rather than with an IDS.

If you mean protect yourself from being part of a DDoS attack on someone else, yes: there are various rules in emerging-dos.rules.

Oliver.



