[Bro] Does bro REALLY SUPPORT port-independent analysis of application-layer protocols?
seth at icir.org
Mon May 19 22:11:28 PDT 2014
On May 20, 2014, at 12:48 AM, （peter） <45070198 at qq.com> wrote:
> In the file /usr/local/bro/share/bro/base/protocols/socks/main.bro, there are some codes as following:
Take a look at socks/dpd.sig. Those are the signatures that are running and attempting to identify off-port SOCKS connections.
International Computer Science Institute
(Bro) because everyone has a network
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20140520/7ac86414/attachment.bin
More information about the Bro