Snort mailing list archives
Re: Adding artificial delay to packets in snort
From: "Russ Combs \(rucombs\) via Snort-devel" <snort-devel () lists snort org>
Date: Thu, 5 Mar 2020 21:17:23 +0000
Chamara, If you use Snort 3 with an appropriate DAQ module, you should be able to detain packets and forward them later. You can also drop packets vs block flows. Russ From: Snort-devel <snort-devel-bounces () lists snort org> on behalf of Chamara Devanarayana via Snort-devel <snort-devel () lists snort org> Reply-To: Chamara Devanarayana <Chamara () rtds com> Date: Thursday, March 5, 2020 at 3:01 PM To: "Joel Esler (jesler)" <jesler () cisco com> Cc: "snort-devel () lists snort org" <snort-devel () lists snort org> Subject: Re: [Snort-devel] Adding artificial delay to packets in snort Hi Joel, We are trying to build a test bed to simulate Cyber attacks on Power systems. The company I work for make Power system simulators. There are only a handful of companies around the world that does it. I have been able to use snort to manipulate data on protocols like DNP3, MODBUS, GOOSE,SV etc. Now I need to see the response of the controllers and Intelligent electronic devices (and the power system as the end result) to the delays, packet drops packet reordering etc. I am trying to use snort to achieve it since I already use it to manipulate data. This packet manipulation can also be used to nullify attacks when detected. Thanks, Best regards, Chamara From: Joel Esler (jesler) <jesler () cisco com> Sent: March 5, 2020 1:23 PM To: Chamara Devanarayana <Chamara () rtds com> Cc: snort-devel () lists snort org Subject: Re: [Snort-devel] Adding artificial delay to packets in snort What is the problem that you are trying to solve for? On Mar 5, 2020, at 2:02 PM, Chamara Devanarayana via Snort-devel <snort-devel () lists snort org<mailto:snort-devel () lists snort org>> wrote: Dear all, Is there a way in snort to add an artificial delay to the packets? I tried using usleep() and nanosleep(). However, they did not work snort just ignores those. My second approach was to drop tcp packets and again schedule them using the alarm() function how ever snort does not drop individual tcp packets I can only drop the entire session. Then I tried to use the traffic control utility in linux together with snort inline. It does some strange things like duplicating packets. Any help in this regard is highly appreciated. Thanks, Best regards, Chamara Devanarayana Simulation Specialist RTDS Technologies Inc. _______________________________________________ Snort-devel mailing list Snort-devel () lists snort org<mailto:Snort-devel () lists snort org> https://lists.snort.org/mailman/listinfo/snort-devel Please visit http://blog.snort.org<http://blog.snort.org/> for the latest news about Snort!
_______________________________________________ Snort-devel mailing list Snort-devel () lists snort org https://lists.snort.org/mailman/listinfo/snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Adding artificial delay to packets in snort Chamara Devanarayana via Snort-devel (Mar 05)
- Re: Adding artificial delay to packets in snort Joel Esler (jesler) via Snort-devel (Mar 05)
- Re: Adding artificial delay to packets in snort Chamara Devanarayana via Snort-devel (Mar 05)
- Re: Adding artificial delay to packets in snort Russ Combs (rucombs) via Snort-devel (Mar 05)
- Re: Adding artificial delay to packets in snort Chamara Devanarayana via Snort-devel (Mar 05)
- Re: Adding artificial delay to packets in snort Chamara Devanarayana via Snort-devel (Mar 05)
- Re: Adding artificial delay to packets in snort Joel Esler (jesler) via Snort-devel (Mar 05)