SURICATA

More documents

Recommendations

Info

IPS MODE In IDS mode, we have the following actions : – Pass ● Suricata stops scanning the packet and skips to the end of all rules (only for this packet) – Alert ● Suricata fires up an alert for the packet matched by a signature
IPS MODE In IPS mode, we have two actions available to block network traffic : drop and reject. – Drop: ● ● ● ● ● If a signature containing a drop action matches a packet, this is discarded immediately and won't be sent any further. The receiver doesn't receive a message, resulting in a time-out. All subsequent packets of a flow are dropped Suricata generates an alert for this packet. This only concerns the IPS mode
Page 1 and 2: SURICATA Mixing IPS/IDS Mode Novemb
Page 3 and 4: Agenda 1. Introduction 2. IPS 3. Nf
Page 5 and 6: IPS MODE How the IPS mode works in
Page 7: IPS MODE On the administrative side
Page 11 and 12: IPS MODE Working in IPS mode, the b
Page 13 and 14: IPS MODE Enabling stream.inline per
Page 15 and 16: NETFILTER When a packet enters the
Page 17 and 18: NETFILTER : FILTER FILTER table : I
Page 19 and 20: NETFILTER : NAT NAT table : It's us
Page 21 and 22: NETFILTER : MANGLE MANGLE table : T
Page 23 and 24: NETFILTER : RAW RAW table : This ta
Page 25 and 26: NETFILTER : RETURN TARGET RETURN ta
Page 27 and 28: NFQUEUE - It is used in Suricata to
Page 29 and 30: NFQUEUE The following picture expla
Page 31 and 32: NFQUEUE NFQUEUE number of packets p
Page 33 and 34: NFLOG - It's used to log packet by
Page 35 and 36: MIXED MODE : INTRO We are ready to
Page 37 and 38: MIXED MODE : USAGE ● ● The usag
Page 39 and 40: MIXED MODE : USAGE 2. We may want t
Page 41 and 42: MIXED MODE : NINJA USAGE We could a
Page 43 and 44: MIXED MODE : NINJA A better solutio
Page 45 and 46: MIXED MODE : NINJA USAGR if we are
Page 47 and 48: RUNNING MODE A running mode specifi
Page 49 and 50: MIXED MODE : STEP 1 - The runmodes
Page 51 and 52: MIXED MODE : STEP 2 - It's forbidde
Page 53 and 54: MIXED MODE : STEP 3 Since we have m
Page 55 and 56: MIXED MODE : STEP 3 NFLOG is trying
Page 57 and 58: MIXED MODE : STEP 4 4. Figure out h
Page 59 and 60:
MIXED MODE : STEP 4 And the mode is
Page 61 and 62:
MIXED MODE : STEP 4 As you can see
Page 63 and 64:
DEMONSTRATION Once Suricata detects
Page 65 and 66:
DEMONSTRATION Solution : Deny On Mo
Page 67 and 68:
DEMONSTRATION Summary : - Suricata
Page 69 and 70:
DEMONSTRATION Then we add our rules
Page 71 and 72:
DEMONSTRATION We are ready to start
Page 73 and 74:
CONTACT - Mail : glongo@stamus-netw
show all

SURICATA

Create successful ePaper yourself

Delete template?

Save as template?