Snort mailing list archives

Re: Modifying DNP3 Content

From: Chamara Devanarayana via Snort-devel <snort-devel () lists snort org>
Date: Thu, 19 Sep 2019 14:12:34 +0000

Dear Russ,
Thanks for getting back to me. We also have plans to write preprocessors for Power system protection and control 
related protocols such as Sample Value, PMU, IEC 104 and Goose. These are written mainly for the users to change the 
incoming data and see its impact on the simulated Power system. In our company we make power system simulators. So idea 
is to let the Utilities, Consultants and researchers in the universities see the impact of Cyber-Physical events.
Thanks,
Best regards,
Chamara

From: Russ Combs (rucombs) <rucombs () cisco com>
Sent: September 19, 2019 12:06 AM
To: Chamara Devanarayana <Chamara () rtds com>; snort-devel () lists snort org
Subject: Re: [Snort-devel] Modifying DNP3 Content

Hey Chamara,

You will have better luck with Snort 3.  You can open a pull request at https://github.com/snort3/snort3.git.

This is a non-trivial change to do in.a generic way and it would be low priority but we will take a look and get back 
to you.

Thanks
Russ

From: Snort-devel <snort-devel-bounces () lists snort org<mailto:snort-devel-bounces () lists snort org>> on behalf of 
Chamara Devanarayana via Snort-devel <snort-devel () lists snort org<mailto:snort-devel () lists snort org>>
Reply-To: Chamara Devanarayana <Chamara () rtds com<mailto:Chamara () rtds com>>
Date: Wednesday, September 18, 2019 at 5:02 PM
To: "snort-devel () lists snort org<mailto:snort-devel () lists snort org>" <snort-devel () lists snort 
org<mailto:snort-devel () lists snort org>>
Subject: [Snort-devel] Modifying DNP3 Content

Hi,
I tried to use SNORT inline to modify DNP3 application data. Although SNORT modified the data it did not modify the CRC 
which is there after the first 8 bytes and then after each 16 bytes. Therefore, there was a CRC error at the DNP3 
Master. I modified the sp_replace to handle this and it was working after that. Is it possible to contribute the 
changes that I made in the SNORT repo? If so what is the procedure for doing so?
Thanks,
Best regards,
Chamara Devanarayana
Simulation Specialist
RTDS Technologies Inc.

_______________________________________________
Snort-devel mailing list
Snort-devel () lists snort org
https://lists.snort.org/mailman/listinfo/snort-devel

Please visit http://blog.snort.org for the latest news about Snort!

Current thread:

Modifying DNP3 Content Chamara Devanarayana via Snort-devel (Sep 18)
- <Possible follow-ups>
- Re: Modifying DNP3 Content Russ Combs (rucombs) via Snort-devel (Sep 18)
  - Re: Modifying DNP3 Content Chamara Devanarayana via Snort-devel (Sep 19)