Topic: How to stop massive port connections through Suricata (Read 1945 times)
elvinmammadov (Newbie, Posts: 44, Karma: 0)
on: December 17, 2021, 09:05:57 am
Hello,
We have enabled Suricata and downloaded rules; some of the rules are enabled and some are disabled. If someone makes a massive connection, for example to port 80, Suricata shows no alerts and doesn't block it. We want Suricata to block the remote IP address if someone tries massive connections. Do you know which rule I should enable? Thanks.

chemlud (Hero Member, Posts: 2486, Karma: 112)
Reply #1 on: December 17, 2021, 10:23:19 am
If your firewall blocks port 80 you are fine. If you mean by "massive connection" a kind of DoS attack, neither your firewall (irrespective of the brand) nor Suricata/Snort/whatever can do anything for you.
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare
felix eichhorn's premium cat food with the extra portion of energy
A router is not a switch - A router is not a switch - A router is not a switch - A rou....

RamSense (Hero Member, Posts: 595, Karma: 10)
Reply #2 on: December 17, 2021, 01:50:15 pm
Maybe you are running an nginx reverse proxy for your port 80? And with that, set a limit by setting an amount in the settings of your upstream server options, "Maximum Connections"?
Can't think of anything else indeed.

elvinmammadov (Newbie, Posts: 44, Karma: 0)
Reply #3 on: December 17, 2021, 05:25:01 pm
I want to test our Intrusion Detection. There are thousands of rules; we have left them at their defaults, so we don't know which rules are recommended to enable. I googled, but couldn't find a best practice.
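
For the question raised in this thread, a rate-based custom rule is one way to make Suricata react to many new connections from one source to port 80. This is an added example, not from any poster or from the OPNsense project. The thresholds (100 SYNs in 10 seconds), the messages and the SIDs are assumptions to adapt, and the `drop` action only has an effect when Suricata runs inline (IPS mode).

```suricata
# Constructed example. SIDs 1000001 and 1000002 are placeholders taken from
# the range conventionally used for local rules; pick unused ones.

# Detection only: alert when one source IP sends more than 100 TCP SYNs
# to port 80 within 10 seconds.
#   flags:S,12        match SYN set, ignoring the two ECN bits (CWR/ECE)
#   detection_filter  per-source rate gate, evaluated after the rest of
#                     the rule has matched
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"LOCAL high rate of new TCP connections to port 80"; flow:to_server; flags:S,12; detection_filter:track by_src, count 100, seconds 10; classtype:attempted-dos; sid:1000001; rev:1;)

# Same match with a drop action, for use once the alert rule above has been
# observed against normal traffic and the threshold is known not to hit
# legitimate clients (NAT gateways, proxies, monitoring probes).
drop tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"LOCAL drop high rate of new TCP connections to port 80"; flow:to_server; flags:S,12; detection_filter:track by_src, count 100, seconds 10; classtype:attempted-dos; sid:1000002; rev:1;)
```

`detection_filter` matches each SYN after the count has been exceeded inside the window, so the drop rule discards only the excess packets from that source rather than blacklisting the address. It does not relieve a link that is already saturated upstream of the firewall, and traffic with spoofed or widely distributed sources will not trip a per-source counter.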