Adding a New Protocol to Suricata: Live!
- Published: 4 Dec 2022
- Presented at SuriCon 2022 by Juliana Fajardini Reichow
Often the Suricata community has questions about how to add a new protocol to the engine: how to get started, what the mandatory points are, how to get log output or detection… In this talk, we will cover the main steps for adding a new protocol to Suricata in Rust, using as a use case a subset of messages from the STUN protocol (Simple Traversal of User Datagram Protocol (UDP) through Network Address Translators (NATs)).
The talk format will be a live coding session, during which the attendees will see, for a small subset of messages from the STUN protocol, how to:
- generate the basic methods necessary for Suricata to recognize STUN traffic (parsing messages and decoding traffic)
- generate eve-log output
- add Suricata-Verify tests
- add detection abilities
The idea is to give attendees the basics they need to feel comfortable implementing a new protocol in Suricata.
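As an added illustration of the first step above (recognizing STUN traffic), the following parses and validates the fixed 20-byte STUN header from RFC 5389, which is the check an app-layer probe would run on the first UDP payload before the engine commits a flow to the STUN parser. This is example code written for this page, not code from the talk or from Suricata; the names `StunHeader`, `parse_stun_header` and `probe_stun` are this example's own, and the sample messages are constructed.

```rust
// Minimal STUN header parser (RFC 5389 layout), plain Rust without external crates.
// Example code for this page; not Suricata's own API.
pub const STUN_MAGIC_COOKIE: u32 = 0x2112_A442;
pub const STUN_HEADER_LEN: usize = 20;

#[derive(Debug, PartialEq, Eq, Clone, Copy)]
pub enum StunClass { Request, Indication, SuccessResponse, ErrorResponse }

#[derive(Debug, PartialEq, Eq)]
pub struct StunHeader {
    pub class: StunClass,
    pub method: u16,              // 12-bit method; 0x001 is Binding
    pub msg_len: u16,             // byte length of the attributes after the header
    pub transaction_id: [u8; 12], // 96-bit transaction ID
}

/// Parse and validate the header; on success return it with the attribute bytes.
/// Any structural violation yields None, so a caller can use it as a probe.
pub fn parse_stun_header(input: &[u8]) -> Option<(StunHeader, &[u8])> {
    if input.len() < STUN_HEADER_LEN { return None; }
    let msg_type = u16::from_be_bytes([input[0], input[1]]);
    if msg_type & 0xC000 != 0 { return None; }            // top two bits must be zero
    let msg_len = u16::from_be_bytes([input[2], input[3]]);
    if msg_len % 4 != 0 { return None; }                  // attributes are 32-bit aligned
    let cookie = u32::from_be_bytes([input[4], input[5], input[6], input[7]]);
    if cookie != STUN_MAGIC_COOKIE { return None; }       // distinguishes STUN from RTP etc.
    let rest = &input[STUN_HEADER_LEN..];
    if rest.len() < msg_len as usize { return None; }     // truncated message
    // Class bits are C1 (0x0100) and C0 (0x0010); the other bits carry the method.
    let class = match ((msg_type >> 7) & 0x2) | ((msg_type >> 4) & 0x1) {
        0b00 => StunClass::Request,
        0b01 => StunClass::Indication,
        0b10 => StunClass::SuccessResponse,
        _ => StunClass::ErrorResponse,
    };
    let method = (msg_type & 0x000F) | ((msg_type >> 1) & 0x0070) | ((msg_type >> 2) & 0x0F80);
    let mut transaction_id = [0u8; 12];
    transaction_id.copy_from_slice(&input[8..20]);
    let hdr = StunHeader { class, method, msg_len, transaction_id };
    Some((hdr, &rest[..msg_len as usize]))
}

/// Probe: does this payload start with a well-formed STUN message?
pub fn probe_stun(input: &[u8]) -> bool {
    parse_stun_header(input).is_some()
}
```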