[Bro] Detecting Encryption

Bas Vermeulen basvermeulen80 at yahoo.com
Mon Aug 24 08:31:16 PDT 2015


That touches my problem... Is it possible to have such a C++ analyzer plugin that looks at all connections? Or is a signature or port required for dynamic plugins?


On Mon, Aug 24, 2015 7:56 AM PDT Seth Hall wrote:

> > On Aug 24, 2015, at 10:51 AM, nhtvl <bmixonb1 at cs.unm.edu> wrote:
> > OK thanks. So I would write my own broscripts to do connection and
> > file entropy analysis then right?
>
> These wouldn’t be written as scripts. Connection and file analyzers need to be written as plugins or in the core. They are typically implemented in C++ or BinPAC.
>
>   .Seth
>
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network