[Oisf-users] Suricata IPS system differentiate between solicited and unsolicited traffic

Kaushal Shriyan kaushalshriyan at gmail.com
Sat Dec 15 13:26:43 UTC 2018


On Thu, Dec 13, 2018 at 11:41 PM Kaushal Shriyan <kaushalshriyan at gmail.com>
wrote:

> Hi Amar,
>
> I am still not able to figure out how to distinguish between trusted vs
> untrusted traffic. Are there any certain patterns I should look for or any
> specific trend...? I am finding it difficult to understand it. Any examples
> or samples which will help me understand the setup.
>
> Best Regards,
>
> On Wed, Dec 12, 2018 at 7:30 AM Kaushal Shriyan <kaushalshriyan at gmail.com>
> wrote:
>
>> Thanks Amar, and I will go through the docs.
>>
>> On Mon, Dec 10, 2018 at 4:49 PM Amar <amar at countersnipe.com> wrote:
>>
>>> Well, effectively you do. Make a careful assessment of users, apps,
>>> servers, day to day business requirements and then instruct (with a good
>>> Rule set) Suricata to work. Also all unsolicited traffic may not
>>> necessarily be bad traffic depending on your business requirements.
>>>
>>> Regards
>>> Amar Rathore
>>> CounterSnipe Systems
>>>
>>>
>>> On Dec 10, 2018 at 8:19 AM, <Kaushal Shriyan <kaushalshriyan at gmail.com>>
>>> wrote:
>>>
>>> Hi Amar,
>>>
>>> Yes, I was referring to what tells Suricata as to what’s solicited or
>>> not.
>>>
>>> Best Regards,
>>>
>>> On Mon, Dec 10, 2018 at 7:58 AM Amar <amar at countersnipe.com> wrote:
>>>
>>>> Hi Kaushal
>>>>
>>>> Do you mean the technical workings of it?
>>>> Or
>>>> What tells Suricata as to what’s solicited or not?
>>>>
>>>> Rgds
>>>> Amar Rathore
>>>> Countersnipe Systems
>>>>
>>>>
>>>> On Dec 9, 2018 at 10:18 AM, <Kaushal Shriyan <kaushalshriyan at gmail.com>>
>>>> wrote:
>>>>
>>>> Hi,
>>>>
>>>> I know Suricata is both an IDS and IPS system and I am planning to set it up in
>>>> our infrastructure. I am trying to understand how the Suricata IPS system
>>>> differentiates between solicited and unsolicited traffic and blocks / prevents
>>>> unsolicited traffic to the network. I would appreciate it if somebody can
>>>> explain with some examples.
>>>>
>>>> Thanks in Advance.
>>>>
>>>> Best Regards,
>>>>
>>>> Kaushal
>>>>
>>>>

Hi,

Checking in again if somebody can pitch in for my earlier question to this
mailing list.

Thanks in Advance.

Best Regards,

Kaushal