
Thursday, 29 November 2012

Comments


Related to this discussion are the logs derived from network traffic that Bro creates (http://www.bro-ids.org/). In my opinion we have turned logging into an art form and we put huge value and attention on our logs, what they contain, and that they're correct. Right now in our 2.1 distribution we do protocol logs for DNS, HTTP, Tunnels (6to4, Teredo, and AYIYA), SOCKS, Syslog, IRC, SSL, FTP, Connections, SMTP, SSH. In development we have Modbus, DNP3, and SMB.

The additional benefit is that the protocol logging is just barely scratching the surface of what Bro provides since Bro is a programming language and you can write your own scripts to analyze network traffic in any way you want.
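As an added example (it is not code from the original post, the commenter, or the Bro project), the following Python reads the tab-separated ASCII format that Bro 2.x's default log writer emits (a `#separator` line, `#fields`/`#types` header lines, `-` for unset fields, `(empty)` for empty ones, and `#close` at the end) and then runs a small aggregation over the parsed records. The `dns.log` excerpt is constructed for the example and uses only a subset of the real columns; the header keys and type names are those documented for Bro 2.x.

```python
"""Parse a Bro 2.x ASCII log and aggregate DNS failures per client.

Added example; the sample log below is constructed and trimmed to a subset
of the real dns.log columns.
"""
from collections import Counter

# Constructed sample dns.log (not a real capture). Real Bro logs carry more
# columns; the header/value conventions are the ones that matter here.
SAMPLE_DNS_LOG = "\n".join([
    "#separator \\x09",
    "#set_separator\t,",
    "#empty_field\t(empty)",
    "#unset_field\t-",
    "#path\tdns",
    "#open\t2012-11-29-10-00-00",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto"
    "\tquery\tqtype_name\trcode_name\tanswers\tTTLs",
    "#types\ttime\tstring\taddr\tport\taddr\tport\tenum"
    "\tstring\tstring\tstring\tvector[string]\tvector[interval]",
    "1354183200.123456\tCXWv6p3arKYeMETxOg\t10.0.0.5\t53234\t10.0.0.1\t53\tudp"
    "\twww.example.com\tA\tNOERROR\t93.184.216.34\t3600.000000",
    "1354183201.500000\tCjhGID4nQcgTWjvg4c\t10.0.0.5\t53235\t10.0.0.1\t53\tudp"
    "\tmail.example.com\tMX\tNOERROR\tmx1.example.com,mx2.example.com\t300.000000,300.000000",
    "1354183202.000000\tC4J4Th3PJpwUYZZ6gc\t10.0.0.7\t53236\t10.0.0.1\t53\tudp"
    "\tdoes-not-exist.example\tA\tNXDOMAIN\t-\t-",
    "#close\t2012-11-29-11-00-00",
])


def _convert(value, typ, meta):
    """Turn one column's text into a Python value based on its Bro type."""
    if value == meta["unset_field"]:
        return None
    if typ.startswith(("vector[", "set[")):
        if value == meta["empty_field"]:
            return []
        inner = typ[typ.index("[") + 1:-1]
        return [_convert(v, inner, meta) for v in value.split(meta["set_separator"])]
    if value == meta["empty_field"]:
        return ""
    if typ in ("time", "interval", "double"):
        return float(value)
    if typ in ("count", "int", "port"):
        return int(value)
    if typ == "bool":
        return value == "T"
    return value  # string, addr, subnet, enum stay as text


def parse_bro_log(text):
    """Return (header metadata, list of record dicts) for one ASCII log."""
    meta = {"set_separator": ",", "empty_field": "(empty)", "unset_field": "-"}
    sep = "\t"
    fields = types = None
    records = []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#separator "):
            # The separator itself is written escaped, e.g. "\x09" for a tab.
            sep = line[len("#separator "):].encode("ascii").decode("unicode_escape")
            continue
        if line.startswith("#"):
            key, _, rest = line[1:].partition(sep)
            if key == "fields":
                fields = rest.split(sep)
            elif key == "types":
                types = rest.split(sep)
            else:
                meta[key] = rest  # set_separator, empty_field, unset_field, path, open, close
            continue
        if fields is None or types is None:
            raise ValueError("data line seen before #fields/#types header")
        cols = line.split(sep)
        if len(cols) != len(fields):
            raise ValueError("column count %d != %d fields" % (len(cols), len(fields)))
        records.append({f: _convert(v, t, meta) for f, v, t in zip(fields, cols, types)})
    return meta, records


def nxdomain_counts(records):
    """Count NXDOMAIN responses per client address (a cheap early signal
    for DGA-style malware or typo-squatting lookups)."""
    return Counter(r["id.orig_h"] for r in records if r["rcode_name"] == "NXDOMAIN")


if __name__ == "__main__":
    meta, recs = parse_bro_log(SAMPLE_DNS_LOG)
    print("path=%s records=%d" % (meta["path"], len(recs)))
    for host, n in nxdomain_counts(recs).most_common():
        print("%s\t%d NXDOMAIN" % (host, n))
```

The parser deliberately honours the header's own `#set_separator`, `#empty_field` and `#unset_field` values rather than hard-coding them, because those are redefinable in Bro's ASCII writer and a consumer that assumes `-` and `,` silently mis-parses a log written with different settings.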
