> On Mar 25, 2015, at 11:29 AM, Robin Sommer <[email protected]> wrote: > > I would prefer staying with the well-known ports. I see the argument > for signature-only, but it would be inconsistent with how the other > analyzers works, making it hard to explain to people what's going on. > And I don't expect much of a problem in terms of efficienicy for SSH.
Ah, good point. I can see the argument to wait and do that all at once as yet another nail in the coffin of port-based-analysis. .Seth -- Seth Hall International Computer Science Institute (Bro) because everyone has a network http://www.bro.org/ _______________________________________________ bro-dev mailing list [email protected] http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
