OpenSource Ghost (Limp Gawd; joined Feb 14, 2022; 232 messages)
There are parts of Suricata IPS/IDS that inspect packet content and block malicious IPs. I can see how both of those are useful, but another part of Suricata IPS/IDS is the addition of 2 filters ("src,src,dst" & "dst,dst,src") to the IPTables INPUT and FORWARD chains. Based on the Suricata documentation (or my poor understanding of it), those 2 rules simply match sources and destinations. Shouldn't NAT do that on its own without any need for IPS/IDS?
Am I correct to understand that malicious IP blocking and the source/destination parts of IDS/IPS can function without DPI? On my network, DPI detects 99% of content as "Unknown" and the other 1% as "SSL/TLS" because almost everything is encrypted via VPN. I am not sure if IDS/IPS is even useful in such a situation.
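To illustrate the distinction the post raises between payload inspection and address matching, here is an added example that is not part of the post and is not Suricata's own code. It takes a constructed sample of flow events in the shape of Suricata's EVE JSON output (the `src_ip`, `dest_ip` and `app_proto` fields are real EVE field names; the addresses, ports and the reputation list are made up) and checks each flow against a list of listed networks, looking only at the address tuple. The `app_proto` value of `tls` or `unknown` plays no part in the match, which is the point: reputation-based matching on source or destination works on metadata alone, whether or not DPI can classify the payload.

```python
import ipaddress
import json

# Constructed sample of EVE-style "flow" events (not real traffic). The
# app_proto field is deliberately "tls"/"unknown" to mirror an all-VPN link
# where payload classification yields nothing useful.
SAMPLE_EVE = """\
{"event_type":"flow","src_ip":"192.0.2.10","src_port":51000,"dest_ip":"198.51.100.7","dest_port":443,"proto":"TCP","app_proto":"tls"}
{"event_type":"flow","src_ip":"203.0.113.5","src_port":4444,"dest_ip":"192.0.2.10","dest_port":1194,"proto":"UDP","app_proto":"unknown"}
{"event_type":"flow","src_ip":"192.0.2.11","src_port":40000,"dest_ip":"192.0.2.1","dest_port":53,"proto":"UDP","app_proto":"dns"}
{"event_type":"alert","src_ip":"192.0.2.10","dest_ip":"198.51.100.7"}
"""

# Hypothetical reputation list (constructed, not a real feed). Entries are
# networks so that both single hosts and whole ranges can be listed.
BAD_NETS = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.5/32")]


def _listed(addr, nets):
    """Return True if addr falls inside any listed network."""
    return any(addr in net for net in nets)


def match_ip_reputation(eve_text, bad_nets=BAD_NETS):
    """Scan newline-delimited EVE JSON and flag flows whose source or
    destination is on the reputation list. Only addresses are consulted;
    payload and app_proto are ignored, so encryption does not matter."""
    findings = []
    for line in eve_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev.get("event_type") != "flow":
            continue  # only flow records carry the tuple we care about
        src = ipaddress.ip_address(ev["src_ip"])
        dst = ipaddress.ip_address(ev["dest_ip"])
        # Direction tells a defender what to look at: a host reaching out to a
        # listed destination vs. a listed source reaching in.
        if _listed(dst, bad_nets):
            direction = "outbound-to-listed"
        elif _listed(src, bad_nets):
            direction = "inbound-from-listed"
        else:
            continue
        findings.append({
            "direction": direction,
            "src": str(src),
            "dst": str(dst),
            "app_proto": ev.get("app_proto", "unknown"),
        })
    return findings


if __name__ == "__main__":
    for f in match_ip_reputation(SAMPLE_EVE):
        print(f)
```

The DNS flow to 192.0.2.1 is not reported because neither end is listed, while the two flows involving listed addresses are reported even though one is TLS and the other is unclassified.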