NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > FOCUS-IDS> 2002-q1

From: Vern Paxson (vernicir.org)
Date: Tue Jan 01 2002 - 02:40:25 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> ... Are there any NIDS out there that can do
> this (basically evaluate the response against an earlier connection from
> source host/port combination and not report as error)?

Bro certainly can do this in general, as it makes it easy to maintain
extensive state. But if I understand what you want to do in particular,
I don't think it can, as it doesn't have an HTTP reply analyzer (it has
a request analyzer, though).

Those interested in checking out the current alpha release can find it from

ftp://ftp.ee.lbl.gov/.vp-bro-pub-0.7a90.tar.gz

and the draft manual at:

http://www.icir.org/vern/bro-alpha-html/

- Vern

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]