
List:       oisf-users
Subject:    Re: [Oisf-users] suricata defending itself
From:       Victor Julien <lists () inliniac ! net>
Date:       2015-08-18 7:36:34
Message-ID: 55D2E082.6030308 () inliniac ! net

On 08/17/2015 03:00 PM, BARÓCSI Gábor wrote:
> Please help me with an issue. I've configured a Suricata on a test
> firewall using NFQ and repeat mode with iptables.
>
> When Suricata runs, it detects all penetration tests if these tests are
> regarded to a subsystem like a webserver behind the firewall. No problem
> with that.
>
> But when I run a test-attack directly to Suricata, then it does not log
> anything and does not detect anything.
>
> Am I missing some rules or something? I'm using all the basic rules for
> snort with oinkmaster.
>


For this to work you need iptables NFQUEUE rules in the INPUT and OUTPUT
chains as well as your existing FORWARD chain rules.

-- 

---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
