[Bro] Detecting Encryption

Bas Vermeulen basvermeulen80 at yahoo.com
Mon Aug 24 08:31:16 PDT 2015


Hi,

That touches my problem... Is it possible to have such a C++ analyzer plugin that looks at all connections? Or is a signature or port required for dynamic plugins?

Bas



------------------------------
On Mon, Aug 24, 2015 7:56 AM PDT Seth Hall wrote:

>
> On Aug 24, 2015, at 10:51 AM, nhtvl <bmixonb1 at cs.unm.edu> wrote:
> 
> OK thanks. So I would write my own broscripts to do connection and
> file entropy analysis then right?
>
> These wouldn’t be written as scripts.  Connection and file analyzers need to be written as plugins or in the core.  They are typically implemented in C++ or BinPAC.
>
>  .Seth
>
>--
>Seth Hall
>International Computer Science Institute
>(Bro) because everyone has a network
>http://www.bro.org/



