[Oisf-users] libinjection

Kevin Ross kevross33 at googlemail.com
Thu Jul 4 07:26:34 UTC 2013

Well that is dissapointing. Perhaps the solution is having Suricata or BRO
being able to pass traffic into modsecurity with the ability to define
which websites (HTTP and HTTPS with certs) is passed in? Hopefully getting
the benefits of modsecurity without having to worry about fully
intergrating individual detections such as libinjection and other new or
experimental things directly into Suricata/Bro.


On 3 July 2013 18:54, Seth Hall <seth at icir.org> wrote:

> On Jul 2, 2013, at 2:18 AM, Peter Manev <petermanev at gmail.com> wrote:
> > Yes it is considered -
> > https://redmine.openinfosecfoundation.org/issues/547
> For the record, I just spent a few minutes and integrated this into Bro
> and ran it on some real world traffic and this isn't good.  There are a lot
> of false positives.  It's probably another one of those things that tends
> to work fine if you run it on your own server, but when you're watching
> general internet traffic it starts showing some flaws.
>   .Seth
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20130704/0f0ff321/attachment-0002.html>

More information about the Oisf-users mailing list