[Oisf-users] [Question] About packet manipulate using suricata

Andreas Herz andi at geekosphere.org
Wed Feb 15 20:21:27 UTC 2017


Hi,

Please respond to the list.

On 14/02/17 at 15:00, djhong813 at gmail.com wrote:
> As you requested, I can explain in more detail.
> In my project, I use the IP header structure that is defined and located at /usr/include/netinet/ip.h in Linux.
> I modified that file to add an option value, as in the figure I attached.
> And I just want to manipulate the option value indicated by the red box using Suricata.
> If it is difficult to modify with Suricata, can I use Suricata to manipulate the source and destination address?

As far as I can tell, that won't be possible unless you change the code
of Suricata as well. But maybe someone else has an idea.

The question is what you want to achieve by that, IMHO.

> Please let me know if it is possible or not.
> 
> Thanks and regards
> 
> DongJin
> 
> 홍동진 DongJin Hong
> Master's program, Department of Electrical and Computer Engineering, Sungkyunkwan University
> MS Student
> Dept. of Electrical and Computer Engineering
> Sungkyunkwan University
> E-mail : djhong813 at skku.edu, djhong813 at gmail.com
> 
> From: Andreas Herz
> Sent: Tuesday, February 14, 2017, 4:55 AM
> To: oisf-users at lists.openinfosecfoundation.org
> Subject: Re: [Oisf-users] [Question] About packet manipulate using suricata
> 
> On 12/02/17 at 22:27, djhong813 at gmail.com wrote:
> > Also, I googled and confirmed that Suricata can manipulate packets if I want to.
> 
> Can you be more verbose about that? In IPS mode you can react and
> instead of accepting packets you can drop or reject them.
> 
> > So I have to send the packet to another component after the firewall creates the output and before the packet is sent to the destination.
> > But I have no idea where the packets could be manipulated and which source code could be modified in the Suricata open source.
> > So, could you guys tell me what source code has to be modified?
> 
> Without more details it's hard to tell what you want to achieve exactly
> and how you might succeed.
> 
> -- 
> Andreas Herz



-- 
Andreas Herz


