[Oisf-devel] new work on "protocol shepherds"

Anoop Saldanha anoopsaldanha at gmail.com
Thu Nov 29 16:02:53 UTC 2012


Probably including the et_pro list in your cc can get you folks
feedback on the keywords side of things.

On Thu, Nov 29, 2012 at 9:25 PM, Daniel Wyschogrod <dwyschogrod at bbn.com> wrote:
> Our current plan is to add detectors and introduce new keywords for the ICMP work.
>
> Dan
> ____________________
> Dan Wyschogrod
>
> Senior Scientist
> Cyber Security
> Raytheon/BBN Technologies
>
> dwyschogrod at bbn.com
>
>
>
>
> On Nov 29, 2012, at 9:59 AM, Victor Julien <victor at inliniac.net> wrote:
>
>> On 11/29/2012 03:49 PM, Ron Watro wrote:
>>> At BBN we are working on some “protocol shepherds” that we’d like to
>>> contribute to Suricata.  Our idea is to build a set of rules that focus
>>> on a specific protocol and that detect the common attacks and/or misuses
>>> of the protocol.   We are starting with ICMP (we did note that there
>>> were some existing rules here) and after that will move to DNS and
>>> others.   Dan Wyschogrod and David Mandelberg are the key developers on
>>> the project.  We’ve got the OISF developer agreement and have sent that
>>> to our legal department for approval.  We’ll be posting more info and
>>> asking questions about Suricata shortly.   Looking forward to helping
>>> make Suricata an even bigger success.  –Ron Watro
>>
>> Sounds interesting. Will these be purely done using the existing rule
>> language, or will rule language extensions be necessary?
>>
>> --
>> ---------------------------------------------
>> Victor Julien
>> http://www.inliniac.net/
>> PGP: http://www.inliniac.net/victorjulien.asc
>> ---------------------------------------------
>>
>> _______________________________________________
>> Suricata IDS Devel mailing list: oisf-devel at openinfosecfoundation.org
>> Site: http://suricata-ids.org | Participate: http://suricata-ids.org/participate/
>> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
>> Redmine: https://redmine.openinfosecfoundation.org/
>



-- 
Anoop Saldanha
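To make Victor's question concrete (what a protocol-focused ICMP rule set can already express with the existing rule language, before any new detectors or keywords), the following is an added example written for this page; it is not BBN's shepherd rule set and not part of the original thread. It uses only long-standing Suricata ICMP keywords (itype, icode, dsize, threshold); the $HOME_NET/$EXTERNAL_NET variables are the usual suricata.yaml address groups, the "SHEPHERD" msg prefix is an arbitrary convention, and the sids are placeholders in the local (1000000+) range.

```suricata
# Constructed example rules (not from the thread or from BBN); sids are local placeholders.

# Echo request carrying an unusually large payload: a common tell-tale of ICMP tunnelling
# or a covert channel. dsize matches on the ICMP payload length, so the threshold is on
# data after the 8-byte ICMP header.
alert icmp any any -> $HOME_NET any (msg:"SHEPHERD ICMP echo request with oversized payload"; itype:8; icode:0; dsize:>1000; classtype:misc-activity; sid:1000001; rev:1;)

# ICMP redirect arriving from outside the local network: legitimate redirects only come
# from an on-link gateway, so an external source is route manipulation or a misconfiguration.
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"SHEPHERD ICMP redirect from external host"; itype:5; classtype:attempted-recon; sid:1000002; rev:1;)

# Address mask and timestamp requests: rarely used by real hosts, commonly used for
# OS and topology fingerprinting.
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"SHEPHERD ICMP address mask request"; itype:17; classtype:attempted-recon; sid:1000003; rev:1;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"SHEPHERD ICMP timestamp request"; itype:13; classtype:attempted-recon; sid:1000004; rev:1;)

# Ping sweep: many echo requests from one source inside a short window. threshold keeps
# the alert volume down (one alert per source per window once the count is reached).
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"SHEPHERD ICMP echo request sweep"; itype:8; threshold:type both, track by_src, count 50, seconds 60; classtype:attempted-recon; sid:1000005; rev:1;)

# Destination-unreachable "fragmentation needed" flood: abused to push a victim's path
# MTU down to the minimum. Thresholded for the same reason as the sweep rule.
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"SHEPHERD ICMP fragmentation-needed flood"; itype:3; icode:4; threshold:type both, track by_dst, count 20, seconds 60; classtype:misc-activity; sid:1000006; rev:1;)
```

Everything above is a stateless per-packet match (threshold aside), which is what the existing keywords give you. Checks that need to look inside the quoted original datagram of an ICMP error message, or to pair a reply with the request that supposedly caused it, are the kind of thing that would need the detectors and keywords Dan mentions rather than more rules of this shape.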


