[Bro] Does bro REALLY SUPPORT port-independent analysis of application-layer protocols?
Seth Hall
seth at icir.org
Mon May 19 22:11:28 PDT 2014
On May 20, 2014, at 12:48 AM, (peter) <45070198 at qq.com> wrote:
> In the file /usr/local/bro/share/bro/base/protocols/socks/main.bro, there are some codes as following:
Take a look at socks/dpd.sig. Those are the signatures that are running and attempting to identify off-port SOCKS connections.
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20140520/7ac86414/attachment.bin
More information about the Bro
mailing list