Bro Development Projects
Here is a partial wish list of Bro development projects.
It's not meant to be exhaustive, and suggestions for additions
will be welcome. If you want to work on one of these, that would
be great, but it would be best to send email to vern at
icir.org before doing so, in order to coordinate in case
others have already started working on them.
- Analyzers
  - Simpler ones
  - Harder ones
    - Kazaa, SSH, NFS, statd, NIS, SNMP, X11, IP options
  - Already somewhat fleshed out, but need work to finish
    - SSL, Gnutella, DHCP, ICMP, TFTP, POP, BGP
- Language and Event Engine Features
  - union types
  - optional arguments for functions
  - type inference for function return values
  - read()/write()
  - convert more policy scripts over to use the module facility
  - systematize weird reporting to be more like ALERT
  - framework for analyzing encapsulated/tunneled traffic (contributed but not yet integrated)
  - NetFlow records as an input source
  - IDMEF support (initial implementation needs further development)
  - vectors (initial implementation needs further development)
- Bugs
  This is just the beginning of such a list:
  - catch functions that are declared to return a value but fail to
  - catch expressions that don't do anything
  - catch event handlers that can't be invoked (typos)
  Please send in others as you notice them.
- Attacks and Analysis
  Likewise, this is just the beginning of such a list; please
  send in suggested additions:
  - for FTP, MKD followed by RMD ("Grimm's Ping")
  - collect version info from SMTP "220" lines
  - email relaying (mostly already done)
  - SMTP attacks
- Operational/Development Environment
  - Bring documentation up to date
  - Test suite
  - Log file / alert navigation GUI
  - Web-navigable archive for the Bro mailing list