Question : How to apply SSLProxy to Suricata inline IDPS? #77

Open
samiux opened this issue Sep 8, 2024 · 1 comment

samiux commented Sep 8, 2024

I am setting up a Suricata inline IDPS with AF-PACKET. It is a device with 3 network interfaces; two of the interfaces are without IP addresses and the other one is for management purposes. The two network interfaces are for capturing traffic from/to the internet to/from the internet via Suricata.

My question is how to apply SSLProxy to Suricata when Suricata does not have any IP address or port? Any suggestions? Thank you.

@sonertari
Owner

The UTMFW project uses Snort as IPS, but SSLproxy requires modification in the Snort sources; more specifically, I have developed a Snort preprocessor for SSLproxy. See: https://github.com/sonertari/UTMFW/blob/master/ports/distfiles/snort-2.9.20_sslproxy.diff

But there is no such modification for Suricata yet. See: #8

Note that UTMFW uses divert sockets (not network sockets) to divert packets to Snort.
