[Oisf-users] libinjection

Seth Hall seth at icir.org
Wed Jul 3 17:54:17 UTC 2013

On Jul 2, 2013, at 2:18 AM, Peter Manev <petermanev at gmail.com> wrote:

> Yes it is considered -
> https://redmine.openinfosecfoundation.org/issues/547

For the record, I just spent a few minutes and integrated this into Bro and ran it on some real world traffic and this isn't good.  There are a lot of false positives.  It's probably another one of those things that tends to work fine if you run it on your own server, but when you're watching general internet traffic it starts showing some flaws.


Seth Hall
International Computer Science Institute
(Bro) because everyone has a network

More information about the Oisf-users mailing list