[Bro] Clarification on Backdoor Event Engine

Anandraj anandrajm at fastmail.fm
Thu Jul 6 11:14:54 PDT 2006

Hi all,
I just wanna clarify that , is the backdoor event engine(which does all
    the signature detection) eventually invokes the corresponding event
    engine and the Analyser .

    For example let me take SSH , when the ssh packet is recevied 
    the libpcap , the backdoor event engine will be th e one which
    the packet first , based on the signatures invokes the ssh event
    and the ssh event engine invokes the Policy scripts which contain
    event handlers/analysers ..finally log the data to the file.

    Please correct me if my understanding is wrong.


http://www.fastmail.fm - A fast, anti-spam email service.

More information about the Bro mailing list