[Bro] Some questions and Netflow.
jp.luiggi at free.fr
Mon Jan 30 05:41:48 PST 2006
I've some questions...
Is there a GUI or something like this in order to see the various alerts?
I saw there's perhaps "Brooery", but is it available?
A tool like this is very valuable if we plan to install the IDS for people
with a minimum of background with computers.
I recently 'sacrificed' an old laptop with an old distro and installed it with
access to the Internet (ssh input allowed) behind my gateway, with some very easy login/password; afterwards
I got a very nice IRC bot...
What I now want to do is to raise alerts if connections come from the
inside. Sounds like a "nbad.bro" or something else like this may be helpful?
We talked in the past about Netflow, the good concept used by "Cisco". How
do you see working with it?
At least two choices:
- Using Bro as a Netflow concentrator.
- Using a dedicated tool to capture the flows and then use "Bro" to inspect data.
I work all day with the "flow-tools" package from "OSU", but there are several
others floating around, each one with a different format.
And what about the future things to come (the famous TODO)?