Snort mailing list archives
Re: Modifying DNP3 Content
From: "Russ Combs \(rucombs\) via Snort-devel" <snort-devel () lists snort org>
Date: Thu, 19 Sep 2019 05:06:18 +0000
Hey Chamara, You will have better luck with Snort 3. You can open a pull request at https://github.com/snort3/snort3.git. This is a non-trivial change to do in.a generic way and it would be low priority but we will take a look and get back to you. Thanks Russ From: Snort-devel <snort-devel-bounces () lists snort org> on behalf of Chamara Devanarayana via Snort-devel <snort-devel () lists snort org> Reply-To: Chamara Devanarayana <Chamara () rtds com> Date: Wednesday, September 18, 2019 at 5:02 PM To: "snort-devel () lists snort org" <snort-devel () lists snort org> Subject: [Snort-devel] Modifying DNP3 Content Hi, I tried to use SNORT inline to modify DNP3 application data. Although SNORT modified the data it did not modify the CRC which is there after the first 8 bytes and then after each 16 bytes. Therefore, there was a CRC error at the DNP3 Master. I modified the sp_replace to handle this and it was working after that. Is it possible to contribute the changes that I made in the SNORT repo? If so what is the procedure for doing so? Thanks, Best regards, Chamara Devanarayana Simulation Specialist RTDS Technologies Inc.
_______________________________________________ Snort-devel mailing list Snort-devel () lists snort org https://lists.snort.org/mailman/listinfo/snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Modifying DNP3 Content Chamara Devanarayana via Snort-devel (Sep 18)
- <Possible follow-ups>
- Re: Modifying DNP3 Content Russ Combs (rucombs) via Snort-devel (Sep 18)
- Re: Modifying DNP3 Content Chamara Devanarayana via Snort-devel (Sep 19)