[Bro] Bro and ICMP

Seth Hall seth at icir.org
Fri Jun 24 06:23:55 PDT 2011

On Jun 24, 2011, at 9:15 AM, Dan Wyschogrod wrote:

> Several of us in the Cyber Security group at BBN are beginning to explore Bro for use in one of our projects.


> Is there active work going on in detecting ICMP irregularities using Bro?  

Not too actively, but I'm deep in the midst of a complete shipped-scripts rewrite.  I have a new ICMP script mostly done, but I was a little lost about where to go with it.  Any clues would be greatly appreciated.

> Is there any interest in contributions to Bro of some ICMP sensors we've begun working on?



Seth Hall
International Computer Science Institute
(Bro) because everyone has a network

More information about the Bro mailing list