Several of us in the Cyber Security group at BBN are beginning to explore Bro for use in one of our projects. Currently, we're thinking of using it to monitor ICMP traffic. I've noticed that in the reference manual there's a not-filled-in entry on an ICMP analyzer, and in the source code there's an ICMP analysis script and what appears to be an analyzer in the source code. Is there active work going on in detecting ICMP irregularities using Bro? Is there any interest in contributions to Bro of some ICMP sensors we've begun working on?
Thanks,
Dan Wyschogrod