[Bro] flow-level analysis code

yangao y-gao2 at northwestern.edu
Thu Dec 16 10:18:55 PST 2004


I think Bro is really a good tool for intrusion detection. However, after I 
studied the reference manual, I found that for offline analysis it can only use 
tcpdump packet-level input. Could it also use flow-level analysis data as 
input? I want to detect some scan and SYN flooding attacks; does somebody 
have this kind of flow-level code or experience with this? If so, could you 
share it with us? Our purpose is purely for research.

Yan Gao 
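An added example, not code from the original post or from Bro itself, showing how the scans and SYN floods asked about above can be flagged from NetFlow-style flow records instead of packets; the addresses, thresholds and the `Flow` record shape are constructed assumptions.

```python
# Added example (not from the original post or the Bro project): flow-level
# detection of SYN scans and SYN floods over constructed NetFlow-style records.
from collections import defaultdict
from typing import NamedTuple

SYN, ACK = 0x02, 0x10  # TCP flag bits as exported in a NetFlow tcp_flags field

class Flow(NamedTuple):
    src: str
    dst: str
    dport: int
    tcp_flags: int  # OR of all TCP flags seen during the flow
    packets: int

def is_half_open(f: Flow) -> bool:
    """A flow that carried SYN but never saw an ACK, i.e. no completed handshake."""
    return bool(f.tcp_flags & SYN) and not (f.tcp_flags & ACK)

def detect_scans(flows, min_targets=5):
    """Sources whose half-open flows reached at least min_targets distinct (dst, port)."""
    targets = defaultdict(set)
    for f in flows:
        if is_half_open(f):
            targets[f.src].add((f.dst, f.dport))
    return {src: len(t) for src, t in targets.items() if len(t) >= min_targets}

def detect_syn_floods(flows, min_sources=5):
    """Destinations receiving half-open flows from at least min_sources distinct sources."""
    sources = defaultdict(set)
    for f in flows:
        if is_half_open(f):
            sources[f.dst].add(f.src)
    return {dst: len(s) for dst, s in sources.items() if len(s) >= min_sources}

# Constructed sample flows (hypothetical addresses, not captured traffic).
SAMPLE_FLOWS = (
    # a benign, completed connection (SYN, ACK and FIN all seen)
    [Flow("10.0.0.5", "10.0.1.20", 80, SYN | ACK | 0x01, 12)]
    # one source probing ports 20..26 on a single host: a vertical port scan
    + [Flow("10.0.0.9", "10.0.1.20", p, SYN, 1) for p in range(20, 27)]
    # seven distinct sources each sending a lone SYN to port 443: a SYN flood
    + [Flow(f"192.0.2.{i}", "10.0.1.30", 443, SYN, 1) for i in range(1, 8)]
)

if __name__ == "__main__":
    print("scanners:", detect_scans(SAMPLE_FLOWS))
    print("flooded :", detect_syn_floods(SAMPLE_FLOWS))
```

Real flow exports carry timestamps, so in practice these counts are taken per time window rather than over the whole file.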
