[Oisf-devel] new work on "protocol shepherds"

Peter Manev petermanev at gmail.com
Thu Nov 29 16:29:57 UTC 2012


Exciting.
I am looking forward to some samples/examples.

On Thu, Nov 29, 2012 at 5:02 PM, Anoop Saldanha <anoopsaldanha at gmail.com> wrote:

> Probably including the et_pro list in your cc can get you folks
> feedback on the keywords side of things.
>
> On Thu, Nov 29, 2012 at 9:25 PM, Daniel Wyschogrod <dwyschogrod at bbn.com> wrote:
> > Our current plan is to add detectors and introduce new keywords for the ICMP work.
> >
> > Dan
> > ____________________
> > Dan Wyschogrod
> >
> > Senior Scientist
> > Cyber Security
> > Raytheon/BBN Technologies
> >
> > dwyschogrod at bbn.com
> >
> >
> >
> >
> > On Nov 29, 2012, at 9:59 AM, Victor Julien <victor at inliniac.net> wrote:
> >
> >> On 11/29/2012 03:49 PM, Ron Watro wrote:
> >>> At BBN we are working on some “protocol shepherds” that we’d like to
> >>> contribute to Suricata. Our idea is to build a set of rules that focus
> >>> on a specific protocol and that detect the common attacks and/or misuses
> >>> of the protocol. We are starting with ICMP (we did note that there
> >>> were some existing rules here) and after that will move to DNS and
> >>> others. Dan Wyschogrod and David Mandelberg are the key developers on
> >>> the project. We’ve got the OISF developer agreement and have sent that
> >>> to our legal department for approval. We’ll be posting more info and
> >>> asking questions about Suricata shortly. Looking forward to helping
> >>> make Suricata an even bigger success. –Ron Watro
> >>
> >> Sounds interesting. Will these be purely done using the existing rule
> >> language, or will rule language extensions be necessary?
> >>
> >> --
> >> ---------------------------------------------
> >> Victor Julien
> >> http://www.inliniac.net/
> >> PGP: http://www.inliniac.net/victorjulien.asc
> >> ---------------------------------------------
> >>
> >> _______________________________________________
> >> Suricata IDS Devel mailing list: oisf-devel at openinfosecfoundation.org
> >> Site: http://suricata-ids.org | Participate: http://suricata-ids.org/participate/
> >> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
> >> Redmine: https://redmine.openinfosecfoundation.org/
> >
> >
>
>
>
> --
> Anoop Saldanha
>



-- 
Regards,
Peter Manev