[Bro] flow-level analysis code

jean-philippe luiggi jp.luiggi at free.fr
Sun Dec 19 08:13:35 PST 2004


Vern Paxson wrote:

>>Maybe automatic 'stepping stone' detection based on flows? Or flow 
>>profiling (for backdoors and trojans with new prots)?
>
>Yes, for some of that too.  I'm also working with some students on detecting
>some other types of anomalies that indicate likely attacks that work at
>this level.
>
>		Vern
In fact, using Bro/Netflow with "stepping stone" detection in mind is a 
very interesting concept;
as all flows coming from the "outside" must travel through something like a 
router (normally), we have the ability to see and detect a problem 
quickly (using the correct analyzer).