[Oisf-users] Can I block DDos attack via Suricata-IDS?
Oliver Humpage
oliver at watershed.co.uk
Mon Jan 30 12:13:22 UTC 2017
> On 30 Jan 2017, at 11:58, Jason Long <hack3rcon at yahoo.com> wrote:
>
> Hello.
> Can I use Suricata-IDS for block DDos attacks?
If you mean protect yourself when under attack from one, no: if the DDoS traffic is on your network, you’ve already lost. Blocking should be done at your upstream ISP, usually by re-routing traffic to a scrubbing centre rather than with an IDS.
If you mean protect yourself from being part of a DDoS attack on someone else, yes: there are various rules in emerging-dos.rules.
Oliver.
More information about the Oisf-users
mailing list