[Bro-Dev] [JIRA] (BIT-1344) New SSH Analyzer
seth at icir.org
Wed Mar 25 11:01:34 PDT 2015
> On Mar 25, 2015, at 11:29 AM, Robin Sommer <robin at icir.org> wrote:
> I would prefer staying with the well-known ports. I see the argument
> for signature-only, but it would be inconsistent with how the other
> analyzers work, making it hard to explain to people what's going on.
> And I don't expect much of a problem in terms of efficiency for SSH.
Ah, good point. I can see the argument to wait and do that all at once as yet another nail in the coffin of port-based-analysis.
International Computer Science Institute
(Bro) because everyone has a network