[Discussion] How to create this Suricata rule?

Qinwen Hu qhu009 at aucklanduni.ac.nz
Sun Jan 18 03:16:28 UTC 2015


Hi everyone,

I am a new Suricata user; I have some experience using Snort.
Recently, I found a new attack in our IPv6 network; I am thinking of creating
a new Suricata rule for detecting this attack. But there is one requirement
for creating this rule. We have to record some information from the
previous packets that includes the IP addresses, payload information and
port numbers. And then we have to compare a new packet's payload with those
previous records. Does Suricata allow me to do this? If possible, how should I
do it?

Thank you for your kind cooperation.


Kind regards,

Steven