SURICATA

More documents

Recommendations

Info

IPS MODE – Reject ● ● ● ● ● This is an active rejection of the packet, both receiver and sender receive a reject packet. If the packet concerns TCP, it will be a reset-packet, otherwise it will be an ICMP-error packet for all other protocols. Suricata generates an alert too. In IPS mode, the packet will be dropped as in the drop action Reject in IDS mode is called IDPS
IPS MODE Working in IPS mode, the behavior of Suricata is influenced by stream.inline setting : Normally, we analyse data once we know they have been received by the receiver, in term of TCP this means after it has been ACKed. But in IPS it does not work like this, because the data have reached the host that we protect.
Page 1 and 2: SURICATA Mixing IPS/IDS Mode Novemb
Page 3 and 4: Agenda 1. Introduction 2. IPS 3. Nf
Page 5 and 6: IPS MODE How the IPS mode works in
Page 7 and 8: IPS MODE On the administrative side
Page 9: IPS MODE In IPS mode, we have two a
Page 13 and 14: IPS MODE Enabling stream.inline per
Page 15 and 16: NETFILTER When a packet enters the
Page 17 and 18: NETFILTER : FILTER FILTER table : I
Page 19 and 20: NETFILTER : NAT NAT table : It's us
Page 21 and 22: NETFILTER : MANGLE MANGLE table : T
Page 23 and 24: NETFILTER : RAW RAW table : This ta
Page 25 and 26: NETFILTER : RETURN TARGET RETURN ta
Page 27 and 28: NFQUEUE - It is used in Suricata to
Page 29 and 30: NFQUEUE The following picture expla
Page 31 and 32: NFQUEUE NFQUEUE number of packets p
Page 33 and 34: NFLOG - It's used to log packet by
Page 35 and 36: MIXED MODE : INTRO We are ready to
Page 37 and 38: MIXED MODE : USAGE ● ● The usag
Page 39 and 40: MIXED MODE : USAGE 2. We may want t
Page 41 and 42: MIXED MODE : NINJA USAGE We could a
Page 43 and 44: MIXED MODE : NINJA A better solutio
Page 45 and 46: MIXED MODE : NINJA USAGR if we are
Page 47 and 48: RUNNING MODE A running mode specifi
Page 49 and 50: MIXED MODE : STEP 1 - The runmodes
Page 51 and 52: MIXED MODE : STEP 2 - It's forbidde
Page 53 and 54: MIXED MODE : STEP 3 Since we have m
Page 55 and 56: MIXED MODE : STEP 3 NFLOG is trying
Page 57 and 58: MIXED MODE : STEP 4 4. Figure out h
Page 59 and 60: MIXED MODE : STEP 4 And the mode is
Page 61 and 62:
MIXED MODE : STEP 4 As you can see
Page 63 and 64:
DEMONSTRATION Once Suricata detects
Page 65 and 66:
DEMONSTRATION Solution : Deny On Mo
Page 67 and 68:
DEMONSTRATION Summary : - Suricata
Page 69 and 70:
DEMONSTRATION Then we add our rules
Page 71 and 72:
DEMONSTRATION We are ready to start
Page 73 and 74:
CONTACT - Mail : glongo@stamus-netw
show all

SURICATA

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?