Snort mailing list archives
Re: Commercial Advanced Packet Sniffers, how do they do this? Application signatures?
From: Dimitri Syuoul <dsyuoul () gmail com>
Date: Fri, 22 Jan 2010 16:00:25 -0600
On Fri, Jan 22, 2010 at 2:42 PM, Richard Bejtlich <taosecurity () gmail com> wrote:
[1] http://taosecurity.blogspot.com/2006/09/port-independent-protocol.html
[2] http://bro-ids.org/wiki/index.php/DynamicProtocolDetection
Interestingly enough, the L7-filter and IPP2P projects seem to be dead. http://bro-ids.org/wiki/index.php/DynamicProtocolDetection is an interesting concept, but it appears to be general and doesn't seem to be ready for production.

Dimitri