Portscan and DDoS? Working Group
This group has a mailing list for discussion here:
The goal of this working group is to make recommendations regarding two major subjects:
- Is traditional portscan detection functionality useful enough to be reimplemented in the OISF engine?
- If above true what methods might make this more effective than currently available?
- Is a DDoS? detection module feasible and necessary? (i.e. to detect both incoming and outgoing DDoS? traffic using statistical and behavioral analysis)
- If so how?
This group should come to recommendations on these subject by August 12 2009.
Breno Silva (firstname.lastname@example.org
) is the group lead. He will be responsible for sparking and steering the discussion as well as summarizing the recommendations of the group.
- 28 Jul 2009