[Discussion] a few ideas

Martin Holste mcholste at gmail.com
Thu Mar 5 14:58:45 UTC 2009


All I want from the engine is protocol decoding, grepping, and a big fat
two-way pipe to everything else.  I think those other tasks are still in
scope for the OISF group, I just want to keep them as far away from libpcap
as possible.

--Martin

On Thu, Mar 5, 2009 at 1:47 AM, Victor Julien <lists at inliniac.net> wrote:

> Edward Bjarte Fjellskål wrote:
> > I want to take this one step further, and try to do this automatically... I'm
> > working on a little Perl daemon, to sniff the traffic, and detect OS and
> > Services running on my network. Hopefully, in the future, this could be
> > used to automatically help in the "auto categorization" of events... in sguil
> > or other IDS GUI...
> > ( http://www.gamelinux.org/?p=43 and http://gamelinux.github.com/prads/ )
>
> I'm still a bit torn on whether we should have the engine itself do the
> detection of this information or if we should enable the engine to be
> fed this info by external programs like your prads.
>
> Thoughts anyone?
>
> Regards,
> Victor
>
> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------