[Zeek] Signature for IoT Devices

Neslog neslog at gmail.com
Mon Feb 3 15:54:50 PST 2020


I’d be happy to help. I don’t have any signatures offhand, but I’m happy to
analyze pcaps.

I have a few devices on home WiFi. I’ll dump some traffic and see what I
can come up with.

On Mon, Feb 3, 2020 at 6:41 PM Jonah Cartwright <jacartwright at g.hmc.edu>
wrote:

> Not any particular reason, we were asked to use Zeek for the project, and
> figured signatures were the best method to use in Zeek.
>
> On Mon, Feb 3, 2020 at 3:27 PM Richard Bejtlich <richard at corelight.com>
> wrote:
>
>> Just curious — if you prefer signatures, why choose Zeek over Suricata?
>>
>> Sincerely,
>>
>> Richard
>>
>> On Mon, Feb 3, 2020 at 5:51 PM Jonah Cartwright <jacartwright at g.hmc.edu>
>> wrote:
>>
>>> Hi Zeek Community,
>>>
>>> I am working on a project to identify IoT devices on a network. We are
>>> primarily working with the signatures framework. We would like to write
>>> signatures for different device types (i.e. smart plug, smart speaker,
>>> etc.). Does anyone have any advice on how to start going about this in
>>> terms of unique identifiers or protocols these IoT devices may be using
>>> that other devices may not use?
>>>
>>> Thanks,
>>> Jonah
>>> _______________________________________________
>>> Zeek mailing list
>>> zeek at zeek.org
>>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek
>>
>> --
>> Richard Bejtlich
>> Principal Security Strategist, Corelight
>> https://corelight.blog/author/richardbejtlich/
>>