Zack, > I was wondering if anyone has > already written something that does this (ideally for Bro, but we could talk > about other IDSes as well).
A while back I started writing a python-based proxy that could talk to Perspectives and Convergence (I've since convinced myself its unlikely to be useful as a proxy, so the projects have mothballed themselves as such projects do). Reverse engineering the Convergence protocol took a little effort as I recall. The ICSI scheme didn't exist then or I didn't know about it at the time. Anyway, here's my stand alone python Perspectices client that also includes Convergence client support: https://github.com/von/pyPerspectives And here's the proxy framework, which I doubt will be useful, but just in case: https://github.com/von/PerProxy Von On Wed, Feb 27, 2013 at 4:35 PM, Zack Weinberg <[email protected]> wrote: > As part of a larger research project I'm thinking about the possibility of > running notary queries on every certificate that an IDS sees go by. Before I > sit down and pound out a bunch of code, I was wondering if anyone has > already written something that does this (ideally for Bro, but we could talk > about other IDSes as well). I also noticed that Convergence, Perspectives, > and the ICSI notary seem to implement three different query protocols (two > HTTP-based, one DNS-based); this seems like an unfortunate divergence to me, > and so I am also wondering if there is any plan to document and standardize > how notaries are queried. > > Thanks, > zw > > -- > You received this message because you are subscribed to the Google Groups > "perspectives-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > >
