[Bro-Dev] [Bro-Commits] [git/bro] topic/seth/libinjection: Integration with libinjection (https://github.com/client9/libinjection) (9ee6dff)

Matthias Vallentin vallentin at icir.org
Wed Jul 3 13:53:29 PDT 2013


>      - This is only for show.  I did a tiny bit of testing with real
>        network traffic and there were way too many false positives for
>        this to be really useful.  I'm not going to be filing a merge
>        request for this.

Very useful to know! I was about to offer a student to investigate the
efficacy of libinjection, but given the high FPs, I am less excited
about it. Do you think it's possible to improve on the FP rate or is
the "model" hardcoded in the library?

     Matthias


More information about the bro-dev mailing list