[Bro] About Specification Based detection

kanthi myneni kanthimyneni at gmail.com
Wed Nov 14 10:00:39 PST 2007


Hi,

Much more specific into specification based. Like if there is one
specification "a valid SMTP greeting is no longer than NN bytes long",
we need to know that NN bytes. Similarly, I believe that there are some
specifications built in Bro. Is there any way to know more about those
specifications, like how the threshold is set? Can anyone suggest any
reference which will help me know more about this stuff?

Thanks & Regards,
KAnthi.


