[Bro] Detecting Encryption

nhtvl bmixonb1 at cs.unm.edu
Mon Aug 24 07:27:56 PDT 2015


Seth, was the link provided not a file entropy analyzer?

On 08/24/2015 07:59 AM, Seth Hall wrote:
> 
>> On Aug 21, 2015, at 3:50 PM, Robin Sommer <robin at icir.org> 
>> wrote:
>> 
>> Bro has functions to measure entropy, see 
>> https://www.bro.org/sphinx-git/scripts/base/bif/bro.bif.bro.html#id-find_entropy.
>> 
> Unfortunately we still haven’t added file and connection entropy 
> analyzers yet.  I have a file entropy analyzer floating around 
> somewhere, but generally both of those are extremely easy to write.
> I think that Ben would need those to do what he’s trying to do.
> 
> .Seth
> 
> -- Seth Hall International Computer Science Institute (Bro) because
> everyone has a network http://www.bro.org/
> 
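
A file or connection entropy analyzer of the kind mentioned in this thread reduces to a running byte histogram fed chunk by chunk. The sketch below is an added example, not part of the original messages and not Bro code; the class and function names, the 7.5 bits-per-byte threshold and the 4096-byte minimum are assumptions, and all sample inputs are constructed.

```python
import math
import os
import random
import zlib
from collections import Counter

class StreamEntropy:
    """Running byte histogram, so payload chunks can be fed as they arrive."""
    def __init__(self):
        self.counts = Counter()
        self.total = 0

    def add(self, chunk: bytes) -> None:
        self.counts.update(chunk)
        self.total += len(chunk)

    def bits_per_byte(self) -> float:
        """Shannon entropy of the bytes seen so far, from 0.0 to 8.0."""
        if self.total == 0:
            return 0.0
        return -sum(n / self.total * math.log2(n / self.total)
                    for n in self.counts.values())

def classify(data: bytes, chunk_size=1460, threshold=7.5, min_bytes=4096) -> str:
    """Label a stream 'high', 'low' or 'insufficient' (thresholds are assumptions)."""
    acc = StreamEntropy()
    for i in range(0, len(data), chunk_size):
        acc.add(data[i:i + chunk_size])
    # N bytes can never score above log2(N) bits, so short samples always look "low".
    if acc.total < min_bytes:
        return "insufficient"
    return "high" if acc.bits_per_byte() >= threshold else "low"

def constructed_samples() -> dict:
    """Constructed inputs: word text, its zlib form, random bytes as a ciphertext stand-in."""
    rng = random.Random(1)
    words = ["alert", "conn", "dns", "http", "notice", "ssl", "weird", "files"]
    text = " ".join(rng.choice(words) + str(rng.randrange(10000))
                    for _ in range(40000)).encode()
    return {
        "plaintext": text,
        "compressed": zlib.compress(text),
        "random": os.urandom(65536),
        "short": b"GET / HTTP/1.1\r\n",
    }

if __name__ == "__main__":
    for name, data in constructed_samples().items():
        print(f"{name:10s} {len(data):7d} bytes  {classify(data)}")
```

The compressed sample is labelled "high" just like the random bytes, so a byte-entropy score on its own rules out low-entropy plaintext but does not distinguish encryption from compression.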

