[Oisf-devel] new work on "protocol shepherds"

Victor Julien victor at inliniac.net
Thu Nov 29 14:59:12 UTC 2012


On 11/29/2012 03:49 PM, Ron Watro wrote:
> At BBN we are working on some “protocol shepherds” that we’d like to
> contribute to Suricata.  Our idea is to build a set of rules that focus
> on a specific protocol and that detect the common attacks and/or misuses
> of the protocol.  We are starting with ICMP (we did note that there
> were some existing rules here) and after that will move to DNS and
> others.  Dan Wyschogrod and David Mandelberg are the key developers on
> the project.  We’ve got the OISF developer agreement and have sent that
> to our legal department for approval.  We’ll be posting more info and
> asking questions about Suricata shortly.  Looking forward to helping
> make Suricata an even bigger success.  –Ron Watro

Sounds interesting. Will these be purely done using the existing rule
language, or will rule language extensions be necessary?

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------



