This article documents a two-part process: successfully upgrading Suricata to version 7 on Debian Bookworm and solving a critical stability issue required to run the AF-Packet IPS mode with high-performance VirtIO NICs in a virtual machine. Without this specific configuration, the IPS failed to function.
Continue reading Suricata AF-Packet: Resolving VirtIO Non-Functionality via Checksum Offload DisablementTag: AF-Packet
Suricata IPS: Building a Transparent Network Defense Layer with AF-Packet Bridging
Suricata functions as a powerful engine for Network Intrusion Detection and Prevention (IDS/IPS). This guide demonstrates how to set up Suricata as a transparent Intrusion Prevention System (IPS) within a KVM environment by replacing the kernel bridge with the high-performance AF-Packet mechanism.
Continue reading Suricata IPS: Building a Transparent Network Defense Layer with AF-Packet Bridging