Two Questions about Bro

이지훈 jhlee2 at
Fri Jul 18 05:55:04 PDT 2003


My name is Ji-Hoon Lee, and it is nice to meet you all.

I have an interest in detecting network threats and measuring the loss of bandwidth caused by them.

So I chose Bro to detect them. I've read the manual and installed Bro on my FreeBSD system. It works well!

I also ran tcpdump to record all packets on my local network for one day.

Today I fed the tcpdump file to Bro for analysis with the mt.bro policy file. Bro returns many weird logs and works well.

But when I run it with the mt.bro and worm.bro policy files, it causes a segmentation fault. Does the worm analyzer not work perfectly yet?

I have one more question. I want to add another virus/worm detection feature to Bro (like Klez or Lovegate).

But the manual is hard for me to use for that job, so I'm looking for information that can help me. Where can I find it?

Thanks for reading my poor writing (sometimes I think I have to study English first of all --") and I hope you all have a nice weekend.
