[Bro] flow-level analysis code

Anton Chuvakin, Ph.D. anton at netForensics.com
Fri Dec 17 11:32:32 PST 2004


> I use Netflow every day and it may be a good thing to use it inside Bro.
> Who's interested on this topic ?
> I think i (we) may start something.

I am very interested, but it seems that it is somewhat outside the scope 
of Bro as a classic NIDS. Reading netflow will make no sense (for Bro) 
since there is no packet contents.

Best,
-- 
Anton Chuvakin, Ph.D., GCIA, GCIH - http://www.info-secure.org
Author of "Security Warrior" from O'Reilly - http://www.securitywarrior.com
Chief Security Strategist
Product Management Group
netForensics -  http://www.netForensics.com
**************************************************************************************************
The contents of this email and any attachments are confidential.
They are intended for the named recipient(s) only.
If you have received this email in error please notify the system manager or  the 
sender immediately and do not disclose the contents to anyone or make copies.

** netForensics has  scanned this email for viruses, vandals and malicious content. **
**************************************************************************************************



More information about the Bro mailing list