[Bro] does bro-ids support parsing QUIC?

Jason Haar jason_haar at trimble.com
Fri Jan 6 19:47:42 PST 2017


Hey there

I'm using the ssl.log files to augment our proxy logs (we have transparent
proxy on port 80, but I believe TLS intercept has no future, so I'm using
bro-ids to capture tcp/443 SNI data - as it's better than doing nothing)

Works well - but I don't think QUIC is supported? Any chance of that being
supported - same outcome as HTTPS: just after the SNI data...

FYI: QUIC is basically HTTP/2 over UDP

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
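
An added example, not part of the original post: a Python script that joins Bro's conn.log and ssl.log on `uid` to count how many port-443 connections produced an SNI in ssl.log and how many did not, including the udp/443 flows (likely QUIC) that the post is asking about. The log excerpts are constructed and trimmed to the fields used, and the function names are this example's own.

```python
from collections import Counter

# Constructed excerpts in Bro's tab-separated log format, trimmed to the
# fields this example uses (real logs carry more columns).
CONN_LOG = (
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\n"
    "1483760860.1\tCa1\t192.0.2.10\t50100\t198.51.100.5\t443\ttcp\tssl\n"
    "1483760861.2\tCb2\t192.0.2.10\t50101\t198.51.100.6\t443\ttcp\tssl\n"
    "1483760862.3\tCc3\t192.0.2.11\t50102\t203.0.113.7\t443\tudp\t-\n"
    "1483760863.4\tCd4\t192.0.2.12\t50103\t203.0.113.7\t443\tudp\t-\n"
    "1483760864.5\tCe5\t192.0.2.12\t50104\t198.51.100.5\t80\ttcp\thttp\n"
)
SSL_LOG = (
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tversion\tserver_name\n"
    "1483760860.2\tCa1\t192.0.2.10\t50100\t198.51.100.5\t443\tTLSv12\twww.example.com\n"
    "1483760861.3\tCb2\t192.0.2.10\t50101\t198.51.100.6\t443\tTLSv12\t-\n"
)

def parse_bro_log(text):
    """Yield one dict per record, taking column names from the #fields line."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            yield dict(zip(fields, line.split("\t")))

def sni_visibility(conn_text, ssl_text):
    """Count port-443 connections by (proto, has_sni); return counts and SNI map."""
    sni = {r["uid"]: r["server_name"] for r in parse_bro_log(ssl_text)}
    report, names = Counter(), {}
    for conn in parse_bro_log(conn_text):
        if conn["id.resp_p"] != "443":
            continue
        # "-" is Bro's unset-field marker, "(empty)" its empty-field marker.
        name = sni.get(conn["uid"], "-")
        has_sni = name not in ("-", "(empty)")
        report[(conn["proto"], has_sni)] += 1
        if has_sni:
            names[conn["uid"]] = name
    return report, names

if __name__ == "__main__":
    report, names = sni_visibility(CONN_LOG, SSL_LOG)
    for (proto, has_sni), count in sorted(report.items()):
        print(f"{proto}/443 sni={'yes' if has_sni else 'no'}: {count}")
```
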