Information Security Asked by loi219 on December 28, 2021
I’m working on a project to implement SDN in a network. One of my flows is redirected to the Suricata IDS, and the flow works at layer 2 with MAC addresses.
Since I’ve read that Snort only works at layer 3, I would like to know if it’s possible to write a rule in Suricata that filters on the source and destination MAC address?
Suricata implements a sub- and superset of the Snort language, but doesn't add support for matching on layer 2.
Recently there has been some work on at least tracking and logging MAC addresses (see https://github.com/OISF/suricata/pull/4975), so L2 is getting a bit more love.
In general, I would suggest opening a feature ticket describing the use cases.
Answered by Victor Julien on December 28, 2021
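Since rules cannot match on MAC addresses, the practical options are to filter at capture time or to filter the EVE log after the fact. The script below is an added example, not code from the question, the answer or the Suricata project: it post-filters eve.json records by the `ether.src_mac` / `ether.dest_mac` fields that Suricata writes when `ethernet: yes` is set on the eve-log output (the feature the PR above relates to). The EVE lines embedded in the script are constructed sample data, and the exact field names are an assumption that should be checked against the eve.json produced by your Suricata version.

```python
import json

# Constructed sample EVE (eve.json) records, not real Suricata output.
# The "ether" object with src_mac / dest_mac is assumed to be what Suricata
# emits when the eve-log output has "ethernet: yes"; verify the field names
# against your version. Record 4 deliberately has no "ether" object, as would
# happen with ethernet logging disabled.
SAMPLE_EVE = """\
{"timestamp":"2021-12-28T10:00:00.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"10.0.0.9","ether":{"src_mac":"00:11:22:33:44:55","dest_mac":"66:77:88:99:aa:bb"},"alert":{"signature":"TEST rule A","signature_id":1000001}}
{"timestamp":"2021-12-28T10:00:01.000000+0000","event_type":"alert","src_ip":"10.0.0.9","dest_ip":"10.0.0.5","ether":{"src_mac":"66:77:88:99:AA:BB","dest_mac":"00:11:22:33:44:55"},"alert":{"signature":"TEST rule B","signature_id":1000002}}
{"timestamp":"2021-12-28T10:00:02.000000+0000","event_type":"flow","src_ip":"10.0.0.7","dest_ip":"10.0.0.9","ether":{"src_mac":"de:ad:be:ef:00:01","dest_mac":"66:77:88:99:aa:bb"}}
{"timestamp":"2021-12-28T10:00:03.000000+0000","event_type":"alert","src_ip":"10.0.0.7","dest_ip":"10.0.0.9","alert":{"signature":"TEST rule C","signature_id":1000003}}
"""


def normalize_mac(mac):
    """Lower-case and unify separators so AA:BB:... and aa-bb-... compare equal."""
    return mac.lower().replace("-", ":")


def filter_by_mac(eve_lines, src_mac=None, dest_mac=None, event_type=None):
    """Yield EVE records whose ether.src_mac / ether.dest_mac match the given
    values (None means 'any'). Records without an 'ether' object are skipped,
    so a missing field never silently matches."""
    want_src = normalize_mac(src_mac) if src_mac else None
    want_dst = normalize_mac(dest_mac) if dest_mac else None
    for line in eve_lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # tolerate a half-written last line of a live log
        ether = rec.get("ether")
        if not ether:
            continue
        if event_type and rec.get("event_type") != event_type:
            continue
        if want_src and normalize_mac(ether.get("src_mac", "")) != want_src:
            continue
        if want_dst and normalize_mac(ether.get("dest_mac", "")) != want_dst:
            continue
        yield rec


def alerts_for_host_mac(eve_lines, mac):
    """Alerts in which the given MAC is either the source or the destination
    station; returns (signature_id, src_mac, dest_mac) tuples."""
    wanted = normalize_mac(mac)
    out = []
    for rec in filter_by_mac(eve_lines, event_type="alert"):
        ether = rec["ether"]
        macs = (normalize_mac(ether.get("src_mac", "")),
                normalize_mac(ether.get("dest_mac", "")))
        if wanted in macs:
            out.append((rec["alert"]["signature_id"],
                        ether["src_mac"], ether["dest_mac"]))
    return out


if __name__ == "__main__":
    lines = SAMPLE_EVE.splitlines()
    for sid, src, dst in alerts_for_host_mac(lines, "00-11-22-33-44-55"):
        print(sid, src, "->", dst)
```

If the goal is instead to keep Suricata from inspecting traffic to or from other stations at all, a capture-level BPF filter such as `ether host 00:11:22:33:44:55` (the `bpf-filter` option in the af-packet section of suricata.yaml, or a filter file passed with `-F`) is applied before any rule matching; it cannot be combined with individual signatures, but it does give per-MAC scoping of what the engine sees.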