Matching data between different packets
-
Please give me a hand with one task. I need to compare the Timestamp field between GOOSE protocol packets to prevent a MITM attack. Can I solve it using Suricata rules?
-
@volnodumcev said in Matching data between different packets:
Please give me a hand with one task. I need to compare the Timestamp field between GOOSE protocol packets to prevent a MITM attack. Can I solve it using Suricata rules?
I do not believe that is possible with either Suricata or Snort rule syntax. But I confess to not being a rule writing guru. You might consider posting your question on the mailing lists for Suricata.
Here are the Suricata Mailing Lists: https://lists.openinfosecfoundation.org/mailman/listinfo.
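Added example, not part of the thread and not Suricata code: a stateful comparison of the GOOSE timestamp across packets, done in a small Python script outside the rule language. It assumes the IEC 61850-8-1 layout (Ethertype 0x88B8, goosePdu tag 0x61, gocbRef 0x80, t 0x84, stNum 0x85, sqNum 0x86) and that `t` only changes when stNum changes; the function names and the two checks are choices made for this example.

```python
import struct

def tlvs(buf):
    """Yield (tag, value) pairs from BER TLVs with single-byte tags."""
    i = 0
    while i + 2 <= len(buf):
        tag, length, i = buf[i], buf[i + 1], i + 2
        if length & 0x80:  # long form: low 7 bits give the number of length bytes
            n, i = length & 0x7F, i + (length & 0x7F)
            length = int.from_bytes(buf[i - n:i], "big")
        yield tag, buf[i:i + length]
        i += length

def parse_goose(frame):
    """Return (gocbRef, t, stNum, sqNum) for a GOOSE Ethernet frame, else None."""
    off = 16 if frame[12:14] == b"\x81\x00" else 12  # skip one 802.1Q tag if present
    if len(frame) < off + 10 or frame[off:off + 2] != b"\x88\xb8":
        return None
    length = struct.unpack("!H", frame[off + 4:off + 6])[0]  # counted from APPID onward
    top = dict(tlvs(frame[off + 10:off + 2 + length]))  # trims Ethernet padding
    f = dict(tlvs(top.get(0x61, b"")))  # fields inside goosePdu
    if not f.keys() >= {0x80, 0x84, 0x85, 0x86} or len(f[0x84]) != 8:
        return None
    t = struct.unpack("!I", f[0x84][:4])[0] + int.from_bytes(f[0x84][4:7], "big") / 2**24
    return f[0x80].decode("ascii", "replace"), t, int.from_bytes(f[0x85], "big"), int.from_bytes(f[0x86], "big")

def check_stream(frames):
    """Compare each GOOSE message with the previous one from the same gocbRef."""
    last, alerts = {}, []
    for n, frame in enumerate(frames):
        msg = parse_goose(frame)
        if msg is None:
            continue
        ref, t, st, _sq = msg
        if ref in last:
            prev_t, prev_st = last[ref]
            if t < prev_t:
                alerts.append((n, ref, "timestamp went backwards"))
            elif st == prev_st and t != prev_t:  # assumption: t is fixed per stNum
                alerts.append((n, ref, "timestamp changed but stNum did not"))
        last[ref] = (t, st)
    return alerts

def build(ref, secs, st, sq):
    """Constructed sample frame (not captured traffic) with only the fields checked here."""
    fields = ((0x80, ref.encode()), (0x84, struct.pack("!I", secs) + bytes(4)), (0x85, bytes([st])), (0x86, bytes([sq])))
    body = b"".join(bytes([tag, len(val)]) + val for tag, val in fields)
    apdu = bytes([0x61, len(body)]) + body
    return bytes(12) + b"\x88\xb8" + struct.pack("!HHHH", 1, 8 + len(apdu), 0, 0) + apdu
```

`check_stream` takes raw Ethernet frames in arrival order, for example as read from a capture file, and returns `(frame index, gocbRef, reason)` tuples.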