[Oisf-users] Can I block DDos attack via Suricata-IDS?

Cooper F. Nelson cnelson at ucsd.edu
Mon Jan 30 16:48:13 UTC 2017


Sort of.

1.  You can detect DDOS attacks via Suricata, via ET sigs or writing
your own.  For example, I have a few local ones for detecting SYN and
UDP floods.

2.  You can have an external process, either manual or automatic, to
deploy ACLs to block this traffic.

A word of warning, however.  Large DDOS attacks will kill your peering,
so you will need help from your ISP to deal with those.

-Coop

On 1/30/2017 3:58 AM, Jason Long wrote:
> Hello. Can I use Suricata-IDS to block DDoS attacks?
> Thank you.


-- 
Cooper Nelson
Network Security Analyst
UCSD ITS Security Team
cnelson at ucsd.edu x41042
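
The two steps described in the reply above (flood detection by signature, then an external process that deploys ACLs), as an added example that is not part of the original post or of Suricata itself. It reads Suricata EVE JSON alert records and returns nftables commands for sources that repeatedly trigger flood rules. The SIDs, the threshold, the allowlist and the `inet filter` table with `blocklist4`/`blocklist6` timeout sets are assumptions, and the sample records are constructed.

```python
import ipaddress
import json
from collections import Counter

FLOOD_SIDS = {1000001, 1000002}   # assumed SIDs of local SYN/UDP flood rules
ALLOWLIST = [ipaddress.ip_network("192.0.2.0/24")]  # own ranges, never blocked
MIN_ALERTS = 3                    # assumed alerts per source before blocking

def _alert(src, sid):
    return json.dumps({"event_type": "alert", "src_ip": src,
                       "dest_ip": "192.0.2.10",
                       "alert": {"signature_id": sid}})

# Constructed EVE JSON input, one record per line as in eve.json.
SAMPLE_EVE = "\n".join(
    [_alert("198.51.100.7", 1000001)] * 5 +
    [_alert("203.0.113.9", 1000002)] * 2 +     # below threshold
    [_alert("192.0.2.1", 1000001)] * 6 +       # allowlisted source
    [_alert("198.51.100.8", 2000000)] * 4 +    # not a flood SID
    ['{"event_type": "flow", "src_ip": "198.51.100.7"}', "{truncated"]
)

def flood_sources(eve_text):
    """Count flood alerts per source IP, skipping bad or irrelevant lines."""
    counts = Counter()
    for line in eve_text.splitlines():
        try:
            ev = json.loads(line)
            if ev.get("event_type") != "alert":
                continue
            if ev["alert"]["signature_id"] not in FLOOD_SIDS:
                continue
            # Parsing the address also keeps arbitrary text out of the command.
            counts[ipaddress.ip_address(ev["src_ip"])] += 1
        except (ValueError, KeyError, TypeError, AttributeError):
            continue  # malformed JSON, missing field, or invalid address
    return counts

def block_commands(counts):
    """Return nft commands for sources over the threshold, off the allowlist."""
    cmds = []
    for ip, n in sorted(counts.items(), key=lambda kv: (kv[0].version, kv[0])):
        if n < MIN_ALERTS or any(ip in net for net in ALLOWLIST):
            continue
        name = "blocklist4" if ip.version == 4 else "blocklist6"
        cmds.append(f"nft add element inet filter {name} {{ {ip} timeout 10m }}")
    return cmds

if __name__ == "__main__":
    print("\n".join(block_commands(flood_sources(SAMPLE_EVE))))
```

The allowlist and the timeout matter because flood source addresses can be spoofed, so a permanent block on whatever address appears in an alert can cut off legitimate hosts.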
