[Oisf-users] Suricata IPS system differentiate between solicited and unsolicited traffic

Kaushal Shriyan kaushalshriyan at gmail.com
Thu Dec 13 18:11:39 UTC 2018


Hi Amar,

I am still not able to figure out how to distinguish between trusted vs
untrusted traffic. Are there any specific patterns I should look for, or any
specific trend? I am finding it difficult to understand. Any examples
or samples would help me understand the setup.

Best Regards,

On Wed, Dec 12, 2018 at 7:30 AM Kaushal Shriyan <kaushalshriyan at gmail.com>
wrote:

> Thanks Amar, and I will go through the docs.
>
> On Mon, Dec 10, 2018 at 4:49 PM Amar <amar at countersnipe.com> wrote:
>
>> Well, effectively you do. Make a careful assessment of users, apps,
>> servers, day to day business requirements and then instruct (with a good
>> rule set) Suricata to work. Also, all unsolicited traffic may not
>> necessarily be bad traffic, depending on your business requirements.
>>
>> Regards
>> Amar Rathore
>> CounterSnipe Systems
>>
>>
>> On Dec 10, 2018 at 8:19 AM, Kaushal Shriyan <kaushalshriyan at gmail.com>
>> wrote:
>>
>> Hi Amar,
>>
>> Yes, I was referring to what tells Suricata what's solicited or not.
>>
>> Best Regards,
>>
>> On Mon, Dec 10, 2018 at 7:58 AM Amar <amar at countersnipe.com> wrote:
>>
>>> Hi Kaushal
>>>
>>> Do you mean the technical workings of it?
>>> Or
>>> What tells Suricata what's solicited or not?
>>>
>>> Rgds
>>> Amar Rathore
>>> Countersnipe Systems
>>>
>>>
>>> On Dec 9, 2018 at 10:18 AM, Kaushal Shriyan <kaushalshriyan at gmail.com>
>>> wrote:
>>>
>>> Hi,
>>>
>>> I know Suricata is both an IDS and an IPS system, and I am planning to set
>>> it up in our infrastructure. I am trying to understand how the Suricata IPS
>>> system differentiates between solicited and unsolicited traffic and blocks /
>>> prevents unsolicited traffic to the network. I would appreciate it if
>>> somebody could explain with some examples.
>>>
>>> Thanks in Advance.
>>>
>>> Best Regards,
>>>
>>> Kaushal
>>>
>>>
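Added example, not part of the thread above and not from the Suricata project: a minimal rule set illustrating Amar's point that Suricata itself has no notion of "solicited"; the flow engine only knows whether a packet belongs to a flow that was already established, and the rule set (written from the business assessment) decides which new inbound connections are wanted. The web server address 192.0.2.10, the rule sids 1000001 to 1000003 and the variable names $HOME_NET and $EXTERNAL_NET are assumptions; the variables must be defined in suricata.yaml and Suricata must run inline (IPS mode) for `drop` to discard anything.

```suricata
# Constructed example rules (not from the thread or the Suricata project).
# Assumes $HOME_NET / $EXTERNAL_NET are set in suricata.yaml and Suricata runs
# inline, so "drop" really discards the packet.
# Default action order is pass, drop, reject, alert: a matching pass rule is
# evaluated first and stops further inspection of that packet.

# 1. Solicited traffic: packets flowing back on a TCP connection an inside
#    host opened (external side is the server, so they are "to_client").
#    The flow engine already tracks this; the rule only alerts for visibility.
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Reply on a flow opened from inside"; flow:to_client,established; sid:1000001; rev:1;)

# 2. Business requirement: the public web server must accept unsolicited
#    connections, so new inbound sessions to it are explicitly passed.
pass tcp $EXTERNAL_NET any -> 192.0.2.10 80 (msg:"Allowed unsolicited inbound: public web"; flow:to_server; sid:1000002; rev:1;)

# 3. Any other inbound TCP packet that is not part of an established flow is
#    a new, unsolicited connection attempt: drop it before the handshake completes.
drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Unsolicited inbound TCP connection attempt"; flow:to_server,not_established; sid:1000003; rev:1;)
```

The rules can be syntax-checked without putting Suricata inline by running `suricata -T -c suricata.yaml -S <rules-file>`, which loads only that rule file and exits. The decisive part is the `flow:` keyword: `established` matches packets on a connection whose handshake Suricata has seen complete, `not_established` matches the initial connection attempts, and the `pass` exceptions are where the assessment of users, apps and servers that Amar describes is encoded.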