Portscan and DDoS Working Group
This group has a mailing list for discussion here:
http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-wg-portscan
The goal of this working group is to make recommendations regarding two major subjects:
- Is traditional portscan detection functionality useful enough to be reimplemented in the OISF engine?
  - If so, what methods might make it more effective than what is currently available?
- Is a DDoS detection module feasible and necessary? (i.e. to detect both incoming and outgoing DDoS traffic using statistical and behavioral analysis)
  - If so, how?
This group should come to recommendations on these subjects by August 12, 2009.
Breno Silva (breno.silva@gmail.com) is the group lead. He will be responsible for sparking and steering the discussion as well as summarizing the recommendations of the group.
--
MattJonkman - 28 Jul 2009