Configuring Suricata Datasets for enabling IDS

I encoded the whole file in base64 by using an online website. An encrypted text is generated; where do I have to put it?
In the same dns-bl.lst file?

It is line by line, with the command 'echo -n $orig_string | base64'.

Yes sir,
echo -n zoom | base64
result - em9vbQ==
echo -n mega | base64
result - bWVnYQ==
Then I put these encoded values on separate lines of my dns-bl.lst file.
Changed type: base64 in my suricata.yaml file in my datasets.
Added to_base64; in my custom Suricata signature rule. But still logs are not coming.

Here are the screenshots.

No, the dataset file has to be in base64 to be read as a string by Suricata. No need to use the transformation in the signature.

Okay.
And do I have to change the type to base64 in datasets in the suricata.yaml file?

Is this signature rule correct?

Also have a look at my suricata.yaml file. Is my datasets implementation correct?

https://suricata.readthedocs.io/en/suricata-5.0.6/rules/datasets.html#data-types

Is my implementation wrong? Please guide me, Sir.

dataset-add dns-bl string Z29vZ2xlLmNvbQ==
The command above is not working.
unix-command is still enabled in the suricata.yaml file,

and my current version of Suricata is 6.0.4.

The type of the dataset is string. The encoding in the file on disk is base64.

Done.
But still logs are generated.

Not alerting, you mean?

The application is still working.
No alert found in /var/log/suricata/fast.log

Please share all the files you are using and a pcap dump of your test.

I created a rule: drop ip any any -> any any (msg:"APP-DETECT Zoom"; content:"zoom"; sid:231312; rev:1;)
and by using this rule the Zoom application is blocked.
I also created another rule: drop ip any any -> any any (msg:"APP-DETECT Mega"; content:"mega"; sid:231312; rev:1;)
and by using this rule the Mega application is blocked.
Now I want to configure a dataset file in which I write zoom and mega with base64 encryption,
and create a single rule to block both applications, but it's not working.
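As an added example, not code from any post in this thread: a small POSIX shell helper that builds a "type string" dataset file the way the reply above describes (one base64 line per entry), checks membership of a plaintext value, and prints a rule that consults the file through the dns.query sticky buffer, since the dataset keyword compares the whole value of the preceding buffer rather than searching for a substring. The domain names, SID, file name and the "demo" argument are constructed for illustration.

```shell
#!/bin/sh
# Build and inspect a Suricata string dataset file (base64, one entry per line).
# Names, SID and file name below are constructed placeholders.

# Encode one plaintext entry as Suricata expects it on disk: base64 of the raw
# bytes, with no trailing newline fed into the encoder.
encode_entry() {
    printf '%s' "$1" | base64
}

# Write every argument as its own base64 line into the dataset file $1.
build_dataset() {
    out="$1"; shift
    : > "$out"
    for name in "$@"; do
        encode_entry "$name" >> "$out"
    done
}

# Return 0 if plaintext $2 is an entry of dataset file $1. Whole-line match,
# mirroring dataset:isset, which tests the full buffer value, not a substring.
dataset_has() {
    grep -qxF -- "$(encode_entry "$2")" "$1"
}

# Decode the file back to plaintext, one entry per line, to review what loads.
dump_dataset() {
    while IFS= read -r line; do
        printf '%s' "$line" | base64 -d
        printf '\n'
    done < "$1"
}

# A rule that consults the dataset against the DNS query name sticky buffer
# (placeholder SID; "load" reads the base64 file from the dataset directory).
dataset_rule() {
    printf '%s\n' 'alert dns any any -> any any (msg:"DNS query matches dns-bl dataset"; dns.query; dataset:isset,dns-bl,type string,load dns-bl.lst; sid:1000001; rev:1;)'
}

# Demo run: build a two-entry file, show it encoded and decoded, print the rule.
if [ "${1:-}" = "demo" ]; then
    f=$(mktemp)
    build_dataset "$f" zoom.us mega.nz
    cat "$f"
    dump_dataset "$f"
    dataset_rule
    rm -f "$f"
fi
```

The single rule alerts on any query whose name is in the file, so one dataset replaces the two separate content rules, as long as each entry is the exact value the buffer will carry.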

I'm not doing real-time or video chat or phone calls.

I understand, Sir,
but please try to understand my problem as well.
I tried my best but still the results are not coming.