[Snort-devel] Snort Anomaly Detection

Bernhard Guillon Bernhard.Guillon at ...3094...
Fri Sep 17 09:24:38 EDT 2010


On 14.09.2010 08:48, Sandro guly Zaccarini wrote:
> On Tue, Sep 14, 2010 at 07:35:30AM +0200, Bernhard Guillon wrote:
>    
>> For PHAD you can use my patch [1].
>>      
> Do you plan to maintain this patch for future Snort releases?
>    

The best would be to get it included into mainline :)

I will try to write the required README and provide the test results, but it
will take some time.
>
>    
>> I also have written an open source
>> anomaly traffic generator to create a more up to date dataset and tested
>> the implementation with it. I am currently cleaning it up for
>> publishing. It uses virtual machines, some simulation theory and Python.
>> It supports modules for "normal" traffic generation
>> (Firefox,email,Skype,FTP) and anomaly traffic generation (metasploit,
>> nmap, and arpspoof).
>>      
> seems very interesting :)
>
>    

Thanks! I hope to find enough time to release it next week :)

Best regards
Bernhard Guillon
