Re: Snort Anomaly Detection

[Bernhard Guillon <Bernhard.Guillon () opensimpad org>]

On 14.09.2010 08:48, Sandro guly Zaccarini wrote:
> On Tue, Sep 14, 2010 at 07:35:30AM +0200, Bernhard Guillon wrote:
>    
> > For PHAD you can use my patch [1].
> >      
> do you plan to maintain this patch for future snort release?
>    

The best would be to get it included into mainline :)

I try to write the required README and provide the test results. But it 
will take some time.
>    
> > I also have written an open source
> > anomaly traffic generator to create a more up to date dataset and tested
> > the implementation with it. I am currently cleaning it up for
> > publishing. It uses Virtual Machines some simulation theorie and Python.
> > It supports modules for "normal" traffic generation
> > (Firefox,email,Skype,FTP) and anomaly traffic generation (metasploit,
> > nmap, and arpspoof).
> >      
> seems very interesting :)
>
>    

Thanks! I hope to find enough time to release it next week :)

Best regards
Bernhard Guillon


------------------------------------------------------------------------------
Start uncovering the many advantages of virtual appliances
and start using them to simplify application deployment and
accelerate your shift to cloud computing.
http://p.sf.net/sfu/novell-sfdev2dev
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel