How to Inline mode (IPS) Suricata on Security Onion


Marihot Siregar

Nov 21, 2017, 6:06:36 AM
to security-onion
Hi, I'm Ucok from Indonesia.

I have a question: how do I set up inline mode (IPS mode) for Suricata? I want to prevent network threats like DoS attacks, port scanning and others.

Wes Lambert

Nov 21, 2017, 6:42:40 AM
to securit...@googlegroups.com

On Tue, Nov 21, 2017 at 3:23 AM, Marihot Siregar <marihot...@gmail.com> wrote:
Hi, I'm Ucok from Indonesia.

I have a question: how do I set up inline mode (IPS mode) for Suricata? I want to prevent network threats like DoS attacks, port scanning and others.


marih...@mahasiswa.pcr.ac.id

Nov 28, 2017, 8:58:27 AM
to security-onion
On Tuesday, November 21, 2017 at 6:42:40 PM UTC+7, Wes wrote:
> Ucok,
>
> Please see:
>
> https://github.com/Security-Onion-Solutions/security-onion/wiki/FAQ#can-security-onion-run-in-ips-mode
>
> Thanks,
> Wes
>
> On Tue, Nov 21, 2017 at 3:23 AM, Marihot Siregar <marihot...@gmail.com> wrote:
> Hi, I'm Ucok from Indonesia.
>
> I have a question: how do I set up inline mode (IPS mode) for Suricata? I want to prevent network threats like DoS attacks, port scanning and others.

I see on GitHub that IPS mode is not supported. But how do I prevent threats with Suricata?

Kevin Branch

Nov 28, 2017, 9:27:47 AM
to securit...@googlegroups.com
IPS mode is what you need to intercept and block traffic in real time that matches specific NIDS rules in Suricata.  If that is the kind of threat prevention that you are referring to, then sorry but Security Onion is not built nor intended for that kind of use of Suricata.

Kevin
