Snort mailing list archives
Re: [Snort-users] Announce Unified2 Anonymiser v0.9.0b u2_anon
From: Joel Esler <jesler () sourcefire com>
Date: Mon, 23 Jan 2012 08:43:31 -0500
Great work Eric. I've posted this on the blog. On Mon, Jan 23, 2012 at 4:53 AM, beenph <beenph () gmail com> wrote:
Greetings everyone, I am happy to announce the beta release of u2_anon. u2_anon is a tool that allow you to "share" anonymized unified2 file to help debug issue or share some result without compromising some information. u2_anon will not modify the unified2 file/files used at source, but it will create a copy of the source unified2 with anonimized data that can be shared. I strongly suggest that you run u2_anon on files that are not currently being written by snort, since it will not "spool" unified2 file like barnyard2 or other unified2 reader can do. u2_anon has 4 different level or anonymity level: [-eE:] [Anonymize Event] - Will set source and destination IP's of EVENT to ipv4 - "127.0.0.1" , ipv6 "::ffff:127.0.0.1" [-lL:] [Anonimize LinkLayer (ethernet)] - Will set source mac to AA:AA:AA:AA:AA:AA and dst mac to BB:BB:BB:BB:BB:BB [-pP:] [Anonymize Packet data] - Will Zero out packet payload [-xX:] [Anonymize Extra DATA event] - Will set IP information to "loopback" and extra data "data" will be zeroed. u2_anon can work on single file or directory containing multiple files. Note that u2_anon is still beta and a few feature will be added along the way, if you have comment or suggestion or bug/issues, feel free to let me know. You can download it directly from here https://github.com/binf/u2_anon/tags Happy unified2 anonymization! -Eric Lauzon ------------------------------------------------------------------------------ Try before you buy = See our experts in action! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-dev2 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
-- Joel Esler | http://blog.snort.org | http://vrt-blog.snort.org | http://blog.clamav.net Twitter: http://twitter.com/snort
------------------------------------------------------------------------------ Try before you buy = See our experts in action! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-dev2
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Announce Unified2 Anonymiser v0.9.0b u2_anon beenph (Jan 23)
- Re: [Snort-users] Announce Unified2 Anonymiser v0.9.0b u2_anon Joel Esler (Jan 23)