In this post I’m going to walk through building a best-in-class, in-line, fail-open, IPS using a Suricata container running on a VyOS router.After reading a recent blog from the VyOS dev team demonstrating an example of supporting containers natively from the VyOS CLI, I knew I had to try it with...

---

Published on June 13, 2021 | 11 min read

suricata vyos ips intrusion prevention

tl;dr By manually changing the Linktype using a hex editor in the Interface Description Block (IDB) of the PCAPng file will convince the packet analysis software that only 1 type of interfaces were available at the time of capture.WARNING: Throughout this post I reference “PCAP” and “PCAPng” int...

---

Published on April 14, 2021 | 9 min read

pcap hex zeek suricata brim