[Oisf-devel] new work on "protocol shepherds"

Daniel Wyschogrod dwyschogrod at bbn.com
Thu Nov 29 15:55:48 UTC 2012


Our current plan is to add detectors and introduce new keywords for the ICMP work.

Dan
____________________
Dan Wyschogrod

Senior Scientist
Cyber Security
Raytheon/BBN Technologies

dwyschogrod at bbn.com




On Nov 29, 2012, at 9:59 AM, Victor Julien <victor at inliniac.net> wrote:

> On 11/29/2012 03:49 PM, Ron Watro wrote:
>> At BBN we are working on some “protocol shepherds” that we’d like to
>> contribute to Suricata.  Our idea is to build a set of rules that focus
>> on a specific protocol and that detect the common attacks and/or misuses
>> of the protocol.   We are starting with ICMP (we did note that there
>> were some existing rules here) and after that will move to DNS and
>> others.   Dan Wyschogrod and David Mandelberg are the key developers on
>> the project.  We’ve got the OISF developer agreement and have sent that
>> to our legal department for approval.  We’ll be posting more info and
>> asking questions about Suricata shortly.   Looking forward to helping
>> make Suricata an even bigger success.  –Ron Watro
> 
> Sounds interesting. Will these be purely done using the existing rule
> language, or will rule language extensions be necessary?
> 
> -- 
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------
> 
> _______________________________________________
> Suricata IDS Devel mailing list: oisf-devel at openinfosecfoundation.org
> Site: http://suricata-ids.org | Participate: http://suricata-ids.org/participate/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
> Redmine: https://redmine.openinfosecfoundation.org/
