IDS mailing list archives
Re: Intrusion Detection Evaluation Datasets
From: Seth Hall <hall.692 () osu edu>
Date: Fri, 20 Mar 2009 15:13:01 -0400
For some reason this didn't come across the list when I sent it the other night. In case it has to do with the attachments, I'll include URLs to the files here.
On Mar 18, 2009, at 4:21 PM, Damiano Bolzoni wrote:
> I have to admit I have never looked at Bro signatures, although I know it approaches the problem differently. So, I'm really curious. :)
To be completely up front about it, this script is not in a shape where I would actually run it on our network traffic. I would likely do quite a few extra cleanups and additions to it before using it. Links to the script and two traces (a matching trace and a non-matching trace) in a zip file are included at the bottom.
I'll include a short demo of the script here as well.

=====================
$> cp ~/bro_scripts/ids-focus_example.bro ~/bro.trunk/
$> cd ~/bro.trunk/
$> export BROPATH=./policy:.
$> ./src/bro -f"ip" -r ~/http-overflow.trace -C ids-focus_example.bro
Potential HTTP overflow attack
192.168.3.103/54074 > 128.146.216.51/http
URL Path: /
Attempts overflow with 2000 instances of character: "R"
=====================

ftp://ftp.infosec.ohio-state.edu/pub/users/seth/outgoing/ids-focus_example.bro
ftp://ftp.infosec.ohio-state.edu/pub/users/seth/outgoing/example-traces.zip

.Seth

---
Seth Hall
Network Security - Office of the CIO
The Ohio State University
Phone: 614-292-9721
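Added example, not part of the original message and not Seth Hall's ids-focus_example.bro (which is only linked, not shown, on this page): one way to implement the kind of check the demo output reports, flagging a long run of a single repeated character in any part of an HTTP request. The 256-character threshold, the function names, and both sample requests are assumptions constructed for illustration.

```python
from itertools import groupby

# Assumed threshold: benign requests rarely repeat one byte this many times.
MIN_RUN = 256


def longest_run(data: bytes):
    """Return (length, byte) for the longest run of one repeated byte."""
    best = (0, b"")
    for byte, group in groupby(data):
        n = sum(1 for _ in group)
        if n > best[0]:
            best = (n, bytes([byte]))
    return best


def inspect_request(raw: bytes, min_run: int = MIN_RUN):
    """Split a raw HTTP request into URI, header values and body, and
    return (location, character, run_length) for every part whose
    longest single-character run reaches min_run."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    fields = [("uri", parts[1] if len(parts) > 1 else b"")]
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep:
            fields.append(("header " + name.decode("latin-1").strip(), value.strip()))
        else:
            # Malformed header line: still inspect it rather than skip it.
            fields.append(("malformed header line", line))
    fields.append(("body", body))

    findings = []
    for where, value in fields:
        n, ch = longest_run(value)
        if n >= min_run:
            findings.append((where, ch.decode("latin-1"), n))
    return findings


# Constructed sample requests (not taken from the traces linked above).
BENIGN = b"GET /index.html HTTP/1.1\r\nHost: example.org\r\nUser-Agent: demo\r\n\r\n"
SUSPECT = b"GET / HTTP/1.1\r\nHost: example.org\r\nX-Example: " + b"R" * 2000 + b"\r\n\r\n"

if __name__ == "__main__":
    for where, ch, n in inspect_request(SUSPECT):
        print(f'Potential HTTP overflow in {where}: {n} instances of "{ch}"')
```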