SURICATA

More documents

Recommendations

Info

NFLOG - NFLOG is for LOGging - It is similar to NFQUEUE but it only sends a copy of packet without issuing a verdict. - The communication between NFLOG and a userspace software is made through netlink socket. - In fact, the following rules will send all packets to netlink socket 10 : nft add rule filter input ip log group 10 iptables -A INPUT -j NFLOG --nflog-group 10
NFLOG - It's used to log packet by the kernel packet filter and pass it via userspace software. – Some software that uses NFLOG : ● ● Ulogd2 (Netfilter userspace logging daemon) Wireshark
Page 1 and 2: SURICATA Mixing IPS/IDS Mode Novemb
Page 3 and 4: Agenda 1. Introduction 2. IPS 3. Nf
Page 5 and 6: IPS MODE How the IPS mode works in
Page 7 and 8: IPS MODE On the administrative side
Page 9 and 10: IPS MODE In IPS mode, we have two a
Page 11 and 12: IPS MODE Working in IPS mode, the b
Page 13 and 14: IPS MODE Enabling stream.inline per
Page 15 and 16: NETFILTER When a packet enters the
Page 17 and 18: NETFILTER : FILTER FILTER table : I
Page 19 and 20: NETFILTER : NAT NAT table : It's us
Page 21 and 22: NETFILTER : MANGLE MANGLE table : T
Page 23 and 24: NETFILTER : RAW RAW table : This ta
Page 25 and 26: NETFILTER : RETURN TARGET RETURN ta
Page 27 and 28: NFQUEUE - It is used in Suricata to
Page 29 and 30: NFQUEUE The following picture expla
Page 31: NFQUEUE NFQUEUE number of packets p
Page 35 and 36: MIXED MODE : INTRO We are ready to
Page 37 and 38: MIXED MODE : USAGE ● ● The usag
Page 39 and 40: MIXED MODE : USAGE 2. We may want t
Page 41 and 42: MIXED MODE : NINJA USAGE We could a
Page 43 and 44: MIXED MODE : NINJA A better solutio
Page 45 and 46: MIXED MODE : NINJA USAGR if we are
Page 47 and 48: RUNNING MODE A running mode specifi
Page 49 and 50: MIXED MODE : STEP 1 - The runmodes
Page 51 and 52: MIXED MODE : STEP 2 - It's forbidde
Page 53 and 54: MIXED MODE : STEP 3 Since we have m
Page 55 and 56: MIXED MODE : STEP 3 NFLOG is trying
Page 57 and 58: MIXED MODE : STEP 4 4. Figure out h
Page 59 and 60: MIXED MODE : STEP 4 And the mode is
Page 61 and 62: MIXED MODE : STEP 4 As you can see
Page 63 and 64: DEMONSTRATION Once Suricata detects
Page 65 and 66: DEMONSTRATION Solution : Deny On Mo
Page 67 and 68: DEMONSTRATION Summary : - Suricata
Page 69 and 70: DEMONSTRATION Then we add our rules
Page 71 and 72: DEMONSTRATION We are ready to start
Page 73 and 74: CONTACT - Mail : glongo@stamus-netw

SURICATA

Create successful ePaper yourself

Delete template?

Save as template?