[Bro] Detecting Encryption

nhtvl bmixonb1 at cs.unm.edu
Fri Aug 21 10:36:30 PDT 2015


Hi all,

I am relatively new to Bro and was wondering if Bro has any way of
detecting encryption and/or plain text in the dpd module or anywhere else.

I have several use cases.

1. I wish to determine whether a program that has an auto-update feature
is sending the updates using encryption.

2. I wish to determine if a chat application is sending data encrypted.

I had a suggestion from my advisor that I should compress the data
being sent over the wire to see if it is compressible or not and use
that in determining whether a stream is using encryption or not.

Any suggestions or advice on this problem would be greatly appreciated.

Regards,
Ben Mixon-Baca
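
Added example, not part of the original post and not Bro code: the compressibility check the poster's advisor suggested, combined with a byte-entropy measure, written in Python. The function names, the thresholds (512 bytes, 0.95, 7.5 bits/byte) and the sample payloads are assumptions made for this illustration; the third sample shows that compressed but unencrypted data scores the same as ciphertext, which matters for the auto-update use case.

```python
import hashlib
import math
import zlib
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Empirical entropy in bits per byte: 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def compression_ratio(data: bytes) -> float:
    """Compressed size / original size; close to 1.0 means incompressible."""
    if not data:
        return 1.0
    return len(zlib.compress(data, 9)) / len(data)

def classify_payload(data: bytes, min_len: int = 512,
                     ratio_cutoff: float = 0.95,
                     entropy_cutoff: float = 7.5) -> str:
    """Return 'too-short', 'high-entropy' or 'structured'.

    'high-entropy' means encrypted OR already compressed: this test alone
    cannot tell the two apart. Thresholds are assumed, not tuned values.
    """
    if len(data) < min_len:
        return "too-short"  # short samples give unreliable statistics
    if (compression_ratio(data) >= ratio_cutoff
            and shannon_entropy(data) >= entropy_cutoff):
        return "high-entropy"
    return "structured"

# Constructed sample payloads (not captured traffic).
PLAINTEXT = (b"GET /update/manifest.xml HTTP/1.1\r\n"
             b"Host: updates.example.com\r\n\r\n") * 40
# Deterministic pseudo-random bytes standing in for ciphertext.
CIPHERTEXT_LIKE = b"".join(
    hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128))
# ASCII text that was compressed but never encrypted.
COMPRESSED_PLAIN = zlib.compress(CIPHERTEXT_LIKE.hex().encode(), 9)

if __name__ == "__main__":
    for name, payload in [("plaintext", PLAINTEXT),
                          ("ciphertext-like", CIPHERTEXT_LIKE),
                          ("compressed plaintext", COMPRESSED_PLAIN)]:
        print(f"{name:22s} ratio={compression_ratio(payload):.3f} "
              f"entropy={shannon_entropy(payload):.2f} "
              f"-> {classify_payload(payload)}")
```

A "high-entropy" result therefore needs a second signal, such as an identified protocol handshake or a known compressed-file header, before the stream is treated as encrypted.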

