[Bro] Detecting OpenVPN
Michał Purzyński
michalpurzynski1 at gmail.com
Fri Jun 15 02:27:54 PDT 2018
Maybe the initial SSL handshake is unique enough to warrant a JA3 signature?
The SSL analyzer does not attach there, but maybe that’s because it’s UDP?
Johanna?
> On Jun 15, 2018, at 12:47 AM, Mike Eriksson <mike at swedishmike.org> wrote:
>
> All,
>
> Before I set out to re-invent the wheel, yet again, I thought I'd post the question to this list first. Is anyone aware of any work that's been done to get OpenVPN detection in Bro?
>
> Just getting detection on the handshake/initial connection should be a good enough start in my book. Wireshark have OpenVPN protocol support so it seems to be doable.
>
> Any feedback/ideas out there?
>
> Thanks in advance, Mike
> --
>
> website: http://swedishmike.org
> twitter: https://twitter.com/swedishmike
> github: http://github.com/swedishmike