[Bro] flow-level analysis code
jean-philippe luiggi
jp.luiggi at free.fr
Sun Dec 19 08:13:35 PST 2004
Vern Paxson wrote:
>>Maybe automatic 'stepping stone' detection based on flows? Or flow
>>profiling (for backdoors and trojans with new prots)?
>>
>>
>
>Yes, for some of that too. I'm also working with some students on detecting
>some other types of anomalies that indicate likely attacks that work at
>this level.
>
> Vern
>
>
In fact, using Bro/Netflow with "stepping stone" detection in mind is a
very interesting concept. As all flows coming from the "outside" must
travel through something like a router (normally), we have the ability
to see and detect a problem quickly (using the correct analyzer).