[Bro] setting a connection "service" in a signature

Stephane Chazelas stephane.chazelas at gmail.com
Fri Aug 24 05:33:41 PDT 2012


2012-08-23 09:56:17 -0400, Seth Hall:
[...]
> Again, thanks for sending that in!  Definitely a cool trick.
> Do you think you could package it up in a git repository like
> I've been doing with my recent scripts?  The ssn-exposure
> script even has an example of @load-sigs
> 
> 	https://github.com/sethhall/ssn-exposure
> 	https://github.com/sethhall/relog
[...]

Here you go:
https://github.com/stephane-chazelas/bro-skype-fake-https-detect

Unfortunately, I couldn't test it. The bro I compiled from the
git head doesn't detect TCP connections properly (all marked as
OTH even after I disable NIC offloads), and I don't have any
time to look at it in any more detail.

-- 
Stephane


