[Oisf-users] libinjection
Victor Julien
lists at inliniac.net
Thu Jul 4 09:10:01 UTC 2013
On 07/04/2013 09:26 AM, Kevin Ross wrote:
> Well that is disappointing. Perhaps the solution is having Suricata or
> BRO being able to pass traffic into modsecurity with the ability to
> define which websites (HTTP and HTTPS with certs) are passed in?
> Hopefully getting the benefits of modsecurity without having to worry
> about fully integrating individual detections such as libinjection and
> other new or experimental things directly into Suricata/Bro.
ModSecurity actually also uses libinjection :)
Cheers,
Victor
> On 3 July 2013 18:54, Seth Hall <seth at icir.org> wrote:
>
>
> On Jul 2, 2013, at 2:18 AM, Peter Manev <petermanev at gmail.com> wrote:
>
> > Yes it is considered -
> > https://redmine.openinfosecfoundation.org/issues/547
>
>
> For the record, I just spent a few minutes and integrated this into
> Bro and ran it on some real world traffic and this isn't good.
> There are a lot of false positives. It's probably another one of
> those things that tends to work fine if you run it on your own
> server, but when you're watching general internet traffic it starts
> showing some flaws.
>
> .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/
>
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------