Recently, I noticed that the bandwidth of my internet connection had dropped dramatically from 20Mb/s to 1Mb/s and when something is downloaded like OS distro image, a streamed video completely freezes because no bandwidth left.

My router has CPU: Intel(R) Atom(TM) CPU D2550 @ 1.86GHz (1862.04-MHz K8-class CPU) and 2GB of RAM.

I investigaded this problem and found out that suricata is consuming 110% CPU when I am trying to download something. Even when I am trying to browse the web, the CPU consumtion increases too high.

Suricata was setup to use Hyperscan pattern matching, but the problem was not in the configuration.

Disabling filtering rules of Suricata one by one had helped to find the problem.

The rule "abuse.ch/SSL Fingerprint Blacklist" was the problem. After I disabled it, the things went match faster. The download speed increased up to 15Mb/s on 105% CPU load.

Previous Post