Homework #4 - Network Monitoring - Due Mon Feb 3, 1PM
Turn in this assignment via email (vern@berkeley.edu, plain text/HTML/Word)
by the due date, with the term Homework in the Subject.
Read the paper
Bro: A System for Detecting Network Intruders in Real-Time, Vern Paxson, Computer Networks, 31(23-24), pp. 2435-2463, 14 Dec. 1999.
(It's fine to skip the appendix.)
Briefly write up your views of:
- What are the main contributions of this paper?
- What parts of the paper do you find unclear? (optional)
- What parts of the paper are questionable? (That is, you think a
conclusion may be wrong, an approach or evaluation technically
flawed, or data ill-presented.)
- For many years, Snort was the popular freeware NIDS. It first appeared
right around when Bro did. Look over the sections on
Writing Snort Rules, Rule Development, and
Writing High Performance Pattern Matching Rules
in the original Snort paper,
pp. 232-234, to get a sense of Snort's model of how to express
network monitoring analysis. From this, what do you see as
its strengths and weaknesses for detecting attacks?
(Do not consult additional references to answer this question.)