[Bro] Detecting Encryption
basvermeulen80 at yahoo.com
Mon Aug 24 08:31:16 PDT 2015
That touches my problem... Is it possible to have such a C++ analyzer plugin that looks at all connections? Or is a signature or port required for dynamic plugins?
On Mon, Aug 24, 2015 7:56 AM PDT Seth Hall wrote:
> On Aug 24, 2015, at 10:51 AM, nhtvl <bmixonb1 at cs.unm.edu> wrote:
> OK thanks. So I would write my own broscripts to do connection and
> file entropy analysis then right?
> These wouldn’t be written as scripts. Connection and file analyzers need to be written as plugins or in the core. They are typically implemented in C++ or BinPAC.
>International Computer Science Institute
>(Bro) because everyone has a network