[Oisf-users] [Ask] suricata filemd5 matching

FATHONI ZEPTIAN EKA PURNOMO fathoni at student.telkomuniversity.ac.id
Tue Jul 2 03:38:06 UTC 2019


I am Fathoni, a student. I am having some difficulties with Suricata MD5 file
matching. I am running Suricata in IPS NFQ inline mode with some iptables
configuration, but the problem is that Suricata can't drop the file. I tried
sending a file with netcat; before I sent the file, I ran md5sum on it to
calculate the file's MD5 and then wrote it out to the blacklist. I wrote a
rule like this:

drop tcp any any -> any any (msg:"TCP: FILE MD5 Found"; filemd5:blacklist.txt; sid:10000003; rev:1;)

Could you help me?

Sorry, I'm not fluent in English. I hope you understand what I am saying.
Hope to hear from you soon.
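The following is an added example, not part of the original post and not Suricata project code. It builds a filemd5 list in the format the keyword reads (one lowercase hex MD5 at the start of each line), checks a sample file against that list the same way the keyword does, and prints the rule rewritten for a protocol the file engine actually tracks: filemd5 only compares hashes of files that Suricata's file engine extracts from application-layer protocols (HTTP, SMTP, FTP, SMB, NFS), so a bare netcat TCP stream carries no file object for it to hash and the rule never fires. Assumed, not taken from the post: the constructed sample files, that blacklist.txt sits next to the rules file (the path is resolved relative to the rules directory), and that HTTP app-layer parsing is enabled in suricata.yaml.

```shell
#!/bin/sh
# Added example (not from the original post): build and sanity-check a
# filemd5 blacklist before loading it into Suricata.
set -eu

# Lowercase hex MD5 of a file, with no trailing filename.
# Falls back to openssl or BSD md5 where coreutils md5sum is absent.
md5_of_file() {   # md5_of_file FILE
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | cut -d' ' -f1
    elif command -v openssl >/dev/null 2>&1; then
        openssl dgst -md5 "$1" | awk '{print $NF}'
    else
        md5 -q "$1"
    fi
}

# Append FILE's hash to LIST in the format filemd5 expects:
# the hex digest at the start of the line, one entry per line.
add_to_blacklist() {   # add_to_blacklist FILE LIST
    md5_of_file "$1" >> "$2"
}

# Mirror the keyword's match: is FILE's MD5 present in LIST?
# Only the first field of each line is compared, so lists produced by
# plain "md5sum file > list" (hash followed by filename) also work.
# Returns 0 (shell true) when listed, 1 otherwise.
in_blacklist() {       # in_blacklist FILE LIST
    h=$(md5_of_file "$1")
    cut -d' ' -f1 "$2" | grep -qix "$h"
}

# The poster's rule rewritten for HTTP. "tcp" with filemd5 never matches
# because no file is extracted from a raw TCP stream; "http" makes the
# match run against files the file engine tracks. Assumed: blacklist.txt
# lives next to the rules file and HTTP parsing is enabled in suricata.yaml.
filemd5_rule() {
    printf '%s\n' \
      'drop http any any -> any any (msg:"HTTP: FILE MD5 Found"; filemd5:blacklist.txt; sid:10000003; rev:2;)'
}

# Demo on constructed input in a temporary directory.
demo_dir=$(mktemp -d)
printf 'hello\n'  > "$demo_dir/bad.bin"    # constructed "malicious" sample
printf 'benign\n' > "$demo_dir/good.bin"   # constructed clean sample
: > "$demo_dir/blacklist.txt"
add_to_blacklist "$demo_dir/bad.bin" "$demo_dir/blacklist.txt"

echo "blacklist.txt contents:"; cat "$demo_dir/blacklist.txt"
if in_blacklist "$demo_dir/bad.bin" "$demo_dir/blacklist.txt"; then
    echo "bad.bin: listed (rule would match once the file is extracted)"
fi
if ! in_blacklist "$demo_dir/good.bin" "$demo_dir/blacklist.txt"; then
    echo "good.bin: not listed"
fi
echo "rule to load:"; filemd5_rule
rm -rf "$demo_dir"
```

Two checks worth doing before blaming the rule: send the file over a protocol Suricata parses as a file transfer (for example an HTTP upload or download through the inline box) instead of raw netcat, and confirm the blacklist line is exactly the hex digest as computed above. Older releases, including the 4.x series current in 2019, also needed Suricata to be built with libnss for the file-hash keywords; `suricata --build-info` shows whether that support is compiled in.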