How to set the evil bit on outgoing traffic
So for a security-related application I'm writing, I actually want to use RFC3514 ("The Evil Bit") to determine what set of traffic across the network is evil or not at a per-packet level. This is used as training data for an assisted machine learning engine, so the app has to know beforehand what packets are evil and which are not.
This ought to be fairly simple, it's just setting a single IP layer bit. I've tried looking into doing this with iptables or libpcap, but either they don't have the functionality or I failed to discover it.
Being able to set it for all traffic out of a machine would be fine, but filters on what comes out would be better. (Like being able to specify what higher layer protocols get it set, etc...)
I'm using Ubuntu, as well. So Linux solutions preferred. But otherwise, it doesn't really matter what method is used to accomplish this. Bash script, C/C++ app, setting some sysctl, whatever.
Comments (2)
Apparently this was actually implemented for FreeBSD - maybe you could look at their code?
http://www.cs.columbia.edu/~smb/3514.html
You have two options:
One is to use https://code.google.com/p/evilbitchanger/ , a Scapy-based script that does the Evil Bit setting work for you.
The other is to use raw Scapy scripting to craft the packets with the Evil bit. As documented, Scapy is capable of setting the Evil Bit flag quite easily.
Hope this helps.
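What "setting a single IP layer bit" involves at the byte level, as an added example that is not part of the original thread and uses only the Python standard library instead of Scapy: RFC 3514 assigns the high-order bit of the 16-bit flags/fragment-offset field, and changing it means the IPv4 header checksum has to be recomputed. The function names and the sample packet are constructed for this illustration; hooking the function into the outgoing packet path is not shown.

```python
import struct

EVIL = 0x8000  # RFC 3514: high-order bit of the flags/fragment-offset word


def checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement checksum over an IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def header_len(packet: bytes) -> int:
    """Validate the packet as IPv4 and return its header length in bytes."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    return ihl


def is_evil(packet: bytes) -> bool:
    """Read the label back, e.g. when building the training set from a capture."""
    header_len(packet)
    return bool(struct.unpack_from("!H", packet, 6)[0] & EVIL)


def set_evil(packet: bytes, evil: bool = True) -> bytes:
    """Return a copy with the evil bit set or cleared and the checksum fixed."""
    ihl = header_len(packet)
    buf = bytearray(packet)
    frag = struct.unpack_from("!H", buf, 6)[0]
    frag = (frag | EVIL) if evil else (frag & ~EVIL & 0xFFFF)
    struct.pack_into("!H", buf, 6, frag)
    struct.pack_into("!H", buf, 10, 0)  # checksum field must be zero while summing
    struct.pack_into("!H", buf, 10, checksum(bytes(buf[:ihl])))
    return bytes(buf)


def sample_packet() -> bytes:
    """Constructed sample: IPv4 header (DF set, TCP, 192.0.2.1 -> 192.0.2.2) + 4 bytes."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 1, 0x4000, 64, 6, 0,
                      bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + b"data"
```

A receiver that validates header checksums will drop a packet whose bit was flipped without the checksum update, which is why `set_evil` rewrites bytes 10 and 11 as well as byte 6.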