Make pibs to write pcap with Anon dest IP #6

Open
dr0t opened this issue May 22, 2019 · 2 comments
Labels
enhancement New feature or request from:ihap ihap tf-csirt workshop

Comments

dr0t commented May 22, 2019

pibs could rewrite the pcap and anonymize the dst_ip that contains the collector network.
RST and SYN-ACK traffic should be easy to rewrite.

Does pibs extract icmp?

@gallypette gallypette added the from:ihap ihap tf-csirt workshop label May 22, 2019
@gallypette
Member

Hi,
good point--we should definitely work on that. I am wondering whether this kind of privacy filtering could be of any use on different points of the D4 chain (client side for instance).

pibs does not work on ICMP (yet)!

@gallypette gallypette added the enhancement New feature or request label May 22, 2019
@gallypette
Member

For the record, we wrote a blog post about how to use tcprewrite to scrap information from captures: https://d4-project.org/2019/06/17/sharing-between-D4-sensors.html
We are still pondering the idea of implementing this directly into pibs though.
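
The destination rewrite requested in this issue, as an added example (not pibs code and not from the D4 project): swap the collector prefix of an IPv4 destination address and patch the IPv4 and TCP checksums incrementally per RFC 1624, which also works on snaplen-truncated records because the payload is never re-read. Assumptions: the names `anon_dst` and `checksums_ok`, a buffer that starts at the IPv4 header, the choice to keep host bits, and the documentation prefixes in the constructed sample.

```c
#include <stdint.h>
#include <string.h>

/* RFC 1071 one's-complement sum of big-endian 16-bit words, folded to 16 bits. */
static uint16_t csum_sum(const uint8_t *p, size_t len, uint32_t acc) {
    for (; len > 1; p += 2, len -= 2) acc += ((uint32_t)p[0] << 8) | p[1];
    if (len) acc += (uint32_t)p[0] << 8;
    while (acc >> 16) acc = (acc & 0xffff) + (acc >> 16);
    return (uint16_t)acc;
}

/* RFC 1624 eqn. 3, HC' = ~(~HC + ~m + m'), for the two 16-bit words of an address. */
static void csum_fixup(uint8_t *hc, const uint8_t *o, const uint8_t *n) {
    uint8_t w[10] = { (uint8_t)~hc[0], (uint8_t)~hc[1], (uint8_t)~o[0], (uint8_t)~o[1],
                      (uint8_t)~o[2], (uint8_t)~o[3], n[0], n[1], n[2], n[3] };
    uint16_t r = (uint16_t)~csum_sum(w, sizeof w, 0);
    hc[0] = (uint8_t)(r >> 8); hc[1] = (uint8_t)r;
}

/* Rewrite dst if it lies in net/mask. Returns 1 rewritten, 0 untouched, -1 malformed.
 * Assumption: the prefix is swapped for anon_net and the host bits are kept. */
int anon_dst(uint8_t *ip, size_t len, uint32_t net, uint32_t mask, uint32_t anon_net) {
    if (len < 20 || (ip[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl) return -1;
    uint32_t dst = ((uint32_t)ip[16] << 24) | ((uint32_t)ip[17] << 16) | ((uint32_t)ip[18] << 8) | ip[19];
    if ((dst & mask) != (net & mask)) return 0;
    uint32_t nd = (anon_net & mask) | (dst & ~mask);
    uint8_t o[4], n[4] = { (uint8_t)(nd >> 24), (uint8_t)(nd >> 16), (uint8_t)(nd >> 8), (uint8_t)nd };
    memcpy(o, ip + 16, 4);
    memcpy(ip + 16, n, 4);
    csum_fixup(ip + 10, o, n);                      /* IPv4 header checksum */
    /* TCP's checksum covers the pseudo-header; only the first fragment carries it. */
    if (ip[9] == 6 && (((ip[6] & 0x1f) << 8) | ip[7]) == 0 && len >= ihl + 18)
        csum_fixup(ip + ihl + 16, o, n);
    return 1;
}

/* Full recomputation as a cross-check: 1 if the IPv4 and TCP checksums both verify. */
int checksums_ok(const uint8_t *ip, size_t len) {
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    uint32_t pseudo = csum_sum(ip + 12, 8, 6 + (uint32_t)(len - ihl));
    return csum_sum(ip, ihl, 0) == 0xffff && csum_sum(ip + ihl, len - ihl, pseudo) == 0xffff;
}
/* Constructed sample: SYN-ACK 203.0.113.7:80 -> 192.0.2.45:40000 (documentation ranges). */
uint8_t sample[40] = { 0x45,0,0,40, 0,1,0x40,0, 64,6,0x3c,0x9a, 203,0,113,7, 192,0,2,45,
    0,80,0x9c,0x40, 0,0,0,1, 0,0,0,2, 0x50,0x12,0xff,0xff, 0x15,0x0a,0,0 };
int main(void) { return !(anon_dst(sample, 40, 0xC0000200, 0xFFFFFF00, 0xC6336400) == 1
                          && checksums_ok(sample, 40)); }
```

Keeping the host bits preserves which sensor address was hit; passing a `mask` of `0xFFFFFFFF` with a fixed `anon_net` collapses a single collector address to one value instead.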
