Portscan and DDoS? Working Group

This group has a mailing list for discussion here: http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-wg-portscan

The goal of this working group is to make recommendations regarding two major subjects:

  • Is traditional portscan detection functionality useful enough to be reimplemented in the OISF engine?
  • If above true what methods might make this more effective than currently available?

  • Is a DDoS? detection module feasible and necessary? (i.e. to detect both incoming and outgoing DDoS? traffic using statistical and behavioral analysis)
  • If so how?

This group should come to recommendations on these subject by August 12 2009.

Breno Silva (breno.silva@gmail.com) is the group lead. He will be responsible for sparking and steering the discussion as well as summarizing the recommendations of the group.

-- MattJonkman - 28 Jul 2009

Topic revision: r1 - 2009-07-28 - MattJonkman
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats