Bro: a question regarding type

Ashley Thomas athomas at
Thu Sep 27 19:38:42 PDT 2001


I had a general question regarding Bro.
Can we classify it under rule-based or anomaly-based, as IDSs are usually
classified?
I would guess it is a rule-based one. Is there any anomaly detection in
Bro?

When it is stated that an IDS can withstand up to or greater than 'X',
do we make any assumptions regarding the number of rules in the
rule-based IDS?
I would think that as the rules increase, the traffic that the IDS can
withstand should decrease.

thanks a lot

