Comments for Inliniac

Comment on Suricata Lua scripting flowvar access by More on Suricata lua flowints | Inliniac

More on Suricata lua flowints | Inliniac — Tue, 23 Apr 2013 10:18:03 +0000

[...] to yesterday’s flowint script and the earlier flowvar based counting script, this performs [...]

Comment on Suricata Lua scripting flowint access by More on Suricata lua flowints | Inliniac

More on Suricata lua flowints | Inliniac — Tue, 23 Apr 2013 10:18:00 +0000

[...] ← Previous [...]

Comment on Suricata Lua scripting flowvar access by Suricata Lua scripting flowint access | Inliniac

Suricata Lua scripting flowint access | Inliniac — Mon, 22 Apr 2013 16:16:35 +0000

[...] few days ago I wrote about my Emerging Threats sponsored work to support flowvars from Lua scripts in [...]

Comment on Setting up an IPS with Fedora 17, Suricata and Vuurmuur by John

John — Sun, 24 Mar 2013 07:41:32 +0000

Hi,

Thanks for the tutorial, it helped me a lot installing Suricata IPS on SL6!
I can see packets going through the NFQUEUE fine and the facebook website test rule you provide works fine too.
However, I’m a little unsure of where to go from here. I’ve installed Oinkmaster to automatically update the rules from EmeringThreats each day.
Do I need to individually configure rules to ‘drop’ via Oinkmaster in order to get Suricata protecting the network?
There is lots if data showing up in fast.log, http.log, but I get the impression these are just alerts and nothing is actually being dropped.
In addition, if I enable drop logging, there are some packets being dropped, but it’s not clear what for

Thanks,
John

Comment on Listening on multiple interfaces with Suricata by Song Liu

Song Liu — Sun, 17 Mar 2013 20:00:30 +0000

In the separate traffic use case, it’s better to use separate flow table (per interface). In this way, i think it will reduce the contention for the flow table.

Comment on Fixing noise on Ubuntu Hardy 8.04, aka setting max_cstate by trillerpfeife

trillerpfeife — Thu, 21 Feb 2013 01:07:09 +0000

at markus and you many thanks!!

Comment on Migrating from ModSecurity 1.9.4 to 2.0.4 by Ravisankar

Ravisankar — Thu, 17 Jan 2013 04:43:35 +0000

i want to protect http://mysite.com/?ptrxcz_

Here i want to block request from ?ptrxcz_ this string . is it possible in modsecurity 1.9.4.

Comment on Suricata MD5 blacklisting by Matt Oney

Matt Oney — Wed, 16 Jan 2013 19:26:59 +0000

Has anyone set this up? I was looking to set this up on a pretty large network and was wondering about processing power, etc. If anyone can offer any suggestions about this please email me at matt_oney2002@yahoo.com

Comment on Suricata has experimental CUDA support by Sami J. Mäkinen

Sami J. Mäkinen — Thu, 10 Jan 2013 08:43:57 +0000

Yes, I joined the mailing list. And yes, I will gladly help you testing CUDA support.

Comment on Vuurmuur 0.8beta4 released by Stanislav Lechev [0xAF]

Stanislav Lechev [0xAF] — Mon, 07 Jan 2013 01:46:09 +0000

Good to know that new versions are coming, after so much time. Thanks for your great work.