[Oisf-users] [Ask] suricata filemd5 matching

Andreas Herz aherz at oisf.net
Fri Jul 5 20:29:57 UTC 2019


Hi Fathoni,

On 02/07/19 at 10:38, FATHONI ZEPTIAN EKA PURNOMO wrote:
> I am Fathoni, a student. I have some difficulties with Suricata MD5 file
> matching. I have been running Suricata in IPS NFQ inline mode with some iptables
> configuration. But the problem is that Suricata can't drop the file. I tried to
> send a file in a netcat scenario, and before I sent the file, I already ran
> md5sum to calculate the MD5 of the file and then wrote it out in a blacklist. I write
> a rule like this: "drop tcp any any -> any any (msg:"TCP: FILE MD5
> Found"; filemd5:blacklist.txt; sid:10000003; rev:1;)". Could you help me?

Could you provide us with more details about your setup?
What version are you running?
What are your iptables rules?
Kernel/Distribution?
Config settings?
How do you start suricata?

-- 
Andreas Herz
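As an added example (not code from this thread or from Suricata), a small Python checker that verifies what a filemd5 list entry would have to look like to match: it normalizes the blacklist entries and compares them with the MD5 of the exact bytes a payload carries, which is what Suricata's filemd5 keyword compares against. The list format (one hex MD5 per line) is assumed from Suricata's documentation; the list contents and both payloads are constructed for the example.

```python
import hashlib
import re

# Assumption: a filemd5 list is one 32-character hex MD5 per line (Suricata's format).
HASH_RE = re.compile(r"^[0-9a-f]{32}$")

# Constructed list: one valid entry in upper case with trailing spaces, one bad line.
BLACKLIST = """\
B1946AC92492D2347C6235B4D2611184   
not-a-hash
"""

# Constructed payloads: what `md5sum` hashed (the file, trailing newline included)
# versus the same content sent without its newline by a different transfer command.
PAYLOADS = {
    "file_bytes": b"hello\n",
    "file_bytes_without_newline": b"hello",
}


def load_blacklist(text):
    """Return (set of lower-case hashes, list of (line number, rejected line)).

    This checker normalizes case and whitespace itself; whether Suricata's own
    loader tolerates such lines in a given version is not assumed here.
    """
    hashes, rejected = set(), []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip().lower()
        if not line:
            continue
        if HASH_RE.match(line):
            hashes.add(line)
        else:
            rejected.append((number, raw))
    return hashes, rejected


def md5_of_bytes(data):
    """MD5 of the exact bytes on the wire, which is what a filemd5 match compares."""
    return hashlib.md5(data).hexdigest()


def check_payloads(blacklist_text, payloads):
    """Map each payload name to whether its MD5 appears in the normalized list."""
    hashes, _ = load_blacklist(blacklist_text)
    return {name: md5_of_bytes(data) in hashes for name, data in payloads.items()}


if __name__ == "__main__":
    print("loaded/rejected:", load_blacklist(BLACKLIST))
    for name, hit in check_payloads(BLACKLIST, PAYLOADS).items():
        print(name, "matches" if hit else "does not match")
```

The point the two payloads make is that the hash in the list must be of the bytes Suricata actually sees in the transfer, not of a file that differs from them by so much as a trailing newline.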