[Bro] flow-level analysis code
Randolph Reitz
rreitz at fnal.gov
Thu Dec 16 12:22:19 PST 2004
Fermilab uses a package named 'flow-tools' that was originally
developed at Ohio State Unix. The first Google hit is...
http://www.splintered.net/sw/flow-tools/

Randy Reitz
Computer Security Team

On Dec 16, 2004, at 12:18 PM, yangao wrote:
> Hi,
>
> I think Bro is really a good tool for intrusion detection. However,
> after I studied the reference manual, I found for offline analysis it
> can only use tcpdump packet level input. Could it also use flow-level
> analysis data as input? I want to detect some scan and SYN flooding
> attacks. Does somebody have this kind of flow-level code or experience
> on this? If so, could you share it with us? Our purpose is purely for
> research.
> Thx.
>
> Yan Gao