Bogon Defense: Integrating Dynamic IP Blacklists into Suricata’s Reputation System

Bogon networks are IP address ranges that should never appear on the public internet, as they are either reserved or unassigned. Blocking these ranges is a fundamental and highly effective security measure. While this can be done with simple firewall rules, integrating the blocklist directly into the Suricata IP Reputation system is far more performant.

Tag: Bash Scripting
Automating IPS: Real-Time Suricata Rule Generation via Fail2ban Hook
In my last posts, I established a central syslog hub feeding Fail2ban and demonstrated Suricata as an intrusion prevention system (IPS). This final piece connects the two: feeding Suricata with the ban results from Fail2ban by creating a dynamic, external rule file.