
Learning Rust: hash map lookup/insert pattern

In Suricata we’re experimenting with implementing app-layer parsers in Rust. See Pierre Chifflier’s presentation at the last SuriCon: [pdf]. The first experimental parsers will soon land in master. So coming from a C world I often use a pattern like: … Continue reading →
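The pattern the post refers to is cut off in this excerpt. As an added illustration (not code from the post or from Suricata), the block below assumes the usual C-style "look up, and insert if missing" sequence as the starting point and contrasts it with Rust's entry API. `FlowState`, the flow-key strings and the packet list are constructed for the example and are not Suricata's real flow structures.

```rust
use std::collections::HashMap;

/// Per-flow counters, a stand-in for the per-flow app-layer state a parser
/// would keep (assumed shape for this example, not Suricata's flow struct).
#[derive(Debug, Default, PartialEq)]
pub struct FlowState {
    pub packets: u64,
    pub bytes: u64,
}

/// The C-style pattern: look the key up, and if it is absent insert it.
/// With non-lexical lifetimes the mutable borrow taken by `get_mut` ends
/// once the `None` arm is entered, so the `insert` is accepted by the
/// borrow checker. The cost is hashing the key twice on the miss path.
pub fn update_two_step(table: &mut HashMap<String, FlowState>, key: &str, bytes: u64) {
    match table.get_mut(key) {
        Some(state) => {
            state.packets += 1;
            state.bytes += bytes;
        }
        None => {
            table.insert(key.to_string(), FlowState { packets: 1, bytes });
        }
    }
}

/// The idiomatic Rust pattern: a single lookup through the entry API.
/// `or_insert_with` builds the default state only on a miss, and the
/// returned `&mut` can be handed back to the caller, which the two-step
/// form cannot do without a second lookup (the borrow would have to span
/// the whole function).
pub fn lookup_or_insert<'a>(
    table: &'a mut HashMap<String, FlowState>,
    key: &str,
) -> &'a mut FlowState {
    table.entry(key.to_string()).or_insert_with(FlowState::default)
}

pub fn update_entry(table: &mut HashMap<String, FlowState>, key: &str, bytes: u64) {
    let state = lookup_or_insert(table, key);
    state.packets += 1;
    state.bytes += bytes;
}

/// Feed the same constructed packet stream through both variants and return
/// the resulting tables; they must be identical.
pub fn run_both() -> (HashMap<String, FlowState>, HashMap<String, FlowState>) {
    // Constructed sample input: (flow key, payload size) per packet.
    let packets = [
        ("10.0.0.1:40001->10.0.0.2:80", 120u64),
        ("10.0.0.1:40001->10.0.0.2:80", 1460),
        ("10.0.0.3:5555->10.0.0.2:443", 517),
        ("10.0.0.1:40001->10.0.0.2:80", 52),
    ];
    let mut two_step = HashMap::new();
    let mut entry = HashMap::new();
    for (key, bytes) in packets.iter() {
        update_two_step(&mut two_step, key, *bytes);
        update_entry(&mut entry, key, *bytes);
    }
    (two_step, entry)
}

fn main() {
    let (two_step, entry) = run_both();
    assert_eq!(two_step, entry);
    for (key, state) in &two_step {
        println!("{key}: {} packets, {} bytes", state.packets, state.bytes);
    }
}
```

One caveat worth knowing before adopting the entry form in a hot path: `entry()` takes the key by value, so with `String` keys it allocates on every call, hit or miss. If the table is hit far more often than it is filled, a `get_mut` fast path followed by `entry()` only on a miss avoids that allocation at the price of the double hash on misses.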

Vuurmuur Development Update

Development, Vuurmuur, vuurmuur-conf
Over the holidays I’ve spent some time refreshing the Vuurmuur code. One major thing that is now done is that the 3 different ‘projects’ (libvuurmuur, vuurmuur and vuurmuur-conf) are now merged into a single ‘project’. This means that a single … Continue reading →

Suricata bits, ints and vars

Since the beginning of the project we’ve spoken about variables on multiple levels. Of course flowbits defined by the Snort language came first, but other flow based variables quickly followed: flowints for basic counting, and vars for extracting data using … Continue reading →

Fuzzing Suricata with pcaps

Development, fuzzing, Suricata
Yesterday I wrote about fuzzing Suricata with AFL. Today I’m going to show another way. Since early in the project, we’ve shipped a perl based fuzzer called ‘wirefuzz’. The tool is very simple. It takes a list of pcaps, changes … Continue reading →

Fuzzing Suricata with AFL

afl, Development, fuzzing, Suricata
AFL is a very powerful fuzzer that tries to be smarter than random input generating fuzzers. It’s cool, but needs a bit more babysitting. I’ve added some support to Suricata to assist AFL. Here’s how to get started on … Continue reading →

Suricata 3.0 is out!

ids, IPS, new release, oisf, release, Suricata
Today, almost 2 years after the release of Suricata 2.0, we released 3.0! This new version of Suricata improves performance, scalability, accuracy and general robustness. Next to this, it brings a lot of new features. New features are too numerous … Continue reading →

New Suricata release model

Development, ids, IPS, oisf, release, Suricata
As the team is back from a very successful week in Barcelona, I’d like to take a moment to reflect on what we discussed and decided on with regards to development. One thing no one was happy with is how the release … Continue reading →