[Bro] flow-level analysis code
yangao
y-gao2 at northwestern.edu
Thu Dec 16 10:18:55 PST 2004
Hi,
I think Bro is really a good tool for intrusion detection. However, after I
studied the reference manual, I found that for offline analysis it can only use
tcpdump packet-level input. Could it also use flow-level analysis data as
input? I want to detect some scan and SYN flooding attacks. Does somebody
have this kind of flow-level code or experience with this? If so, could you
share it with us? Our purpose is purely for research.
Thx.
Yan Gao