Support #2636: I need help fort IPS inline doesn't drop - Suricata - Open Information Security Foundation

Support #2636

Updated by Victor Julien over 5 years ago

Dears, 
 I want to protect against aatack, I use suricata 4.0.4 RELEASE with IPS Inline 

 <pre> 
 iptables -vnL 
 Chain INPUT (policy ACCEPT 0 packets, 0 bytes) 
  pkts bytes target       prot opt in       out       source                 destination 
  3970    499K NFQUEUE      all    --    *        *         0.0.0.0/0              0.0.0.0/0              NFQUEUE num 0 

 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) 
  pkts bytes target       prot opt in       out       source                 destination 

 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) 
  pkts bytes target       prot opt in       out       source                 destination 
  2485    216K NFQUEUE      all    --    *        *         0.0.0.0/0              0.0.0.0/0              NFQUEUE num 0 
 </pre> 

 I listen traffic whith Wireshark on my server. 
 My problem, when I use Armitage to scan my server nothing is DROP. 
 You have a suricata.yaml file in attachment. 

 Can you helo me ? 

 Best regard. 
 MaxKweeger

Back

Project

General

Profile

Suricata

Support #2636