Open Information Security Foundation

07/12/2019

11:29 AM Suricata Bug #3083: DROP rule with "noalert"

Using af-packet mode. Interfaces config looks like:
%YAML 1.1
---
# AUTOGENERATED by Stamus SELKS set up script
... Leonid Inodin

09:12 AM Suricata Bug #3083: DROP rule with "noalert"

Yes, I would like to have drops, but no alerts logging. In fact, I just need not to log to drop.log, other logs don't... Leonid Inodin

07/11/2019

07:00 AM Suricata Bug #3083 (Assigned): DROP rule with "noalert"

When the rule look like "drop ip 8.8.8.8 any <> $HOME_NET any (msg:"TEST"; priority:1; sid:999; noalert;)" no drops ... Leonid Inodin

05/31/2019

09:34 AM Suricata Support #2997: IPS AF_Packet mode and decoder invalid

Seems that using "defrag:no" parameter in config file solves thuis problem. Leonid Inodin

05/29/2019

02:16 PM Suricata Support #2998 (Closed): Rules Reload doesn't work properly

I need to drop icmp traffic from 8.8.8.8 (for example). I have created my own rule file (this rules file name is adde... Leonid Inodin

02:01 PM Suricata Support #2997 (Closed): IPS AF_Packet mode and decoder invalid

When using Suricata in IPS AF_Packet mode with "threads: 1" in interfaces configs the latency is quite big (+ from 30... Leonid Inodin