> On May 9, 2016, at 11:20 AM, Robin Sommer <ro...@icir.org> wrote: > > Actually I would propose something else: we recently added minimal > analyzers for IMAP and XMPP that parse just the beginning of a > session---just enough to confirm the protocol and, in these cases, > also use of SSL. That's an approach that I think could work more > generally as well: even if a full analyzer isn't feasible, doing just > the standard DPD confirmation for a protocol should usually be pretty > straight-forward.
Is this what Justin did for RDP, because I don’t think that was much effort, was it Justin? :Adam ------ Adam J. Slagell Chief Information Security Officer Director, Cybersecurity Division National Center for Supercomputing Applications University of Illinois at Urbana-Champaign www.slagell.info "Under the Illinois Freedom of Information Act (FOIA), any written communication to or from University employees regarding University business is a public record and may be subject to public disclosure." _______________________________________________ bro-dev mailing list bro-dev@bro.org http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
