Project

General

Profile

Actions

Bug #4328

closed

Suricata is not fully reading or loading the iprep files

Added by Jeff Lucovsky 8 months ago. Updated 8 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

Hi,

I have been trying to use Suricata as IPS. I decided to use L2 approaching with AFP. My goal is to use IP Reputation mechanism to block lot of IPs from different blacklists.
I managed to configure everything and I could confirm iprep works like charm with a small custom iprep list, but it looks like the same mechanism fails when the list grows large or there are many reputation lists to load. After some tests it looks like Suricata is not fully reading the iprep files, or that there is a limit to the number of lines it can read/load.

Please check more details in the following posts:
- https://github.com/StamusNetworks/SELKS/issues/289
- https://forum.suricata.io/t/suricata-and-ip-blacklist/972/19

If there is a way to easily fix this issue or if you need more details, please let me know.

Please help!

Thank you


Files

4280.tar.xz (136 KB) 4280.tar.xz Peter Manev, 02/05/2021 07:49 AM

Related issues

Copied from Bug #4280: Suricata is not fully reading or loading the iprep filesClosedVictor JulienActions
Actions #1

Updated by Jeff Lucovsky 8 months ago

  • Copied from Bug #4280: Suricata is not fully reading or loading the iprep files added
Actions #2

Updated by Jeff Lucovsky 8 months ago

  • Status changed from Assigned to In Review
Actions #3

Updated by Jeff Lucovsky 8 months ago

  • Status changed from In Review to Closed
Actions

Also available in: Atom PDF