[Bro] HTTP Question
nweaver at ICSI.Berkeley.EDU
Fri Nov 9 11:06:11 PST 2007
On Fri, Nov 09, 2007 at 01:54:19PM -0500, Jean-Philippe Luiggi composed:
> Diogo Corteletti de Oliveira wrote:
> > Hello,
> > Can BRO alarm on non-http traffic over port 80?
> Hello Diogo,
> I think so if you use DPD (dynamic protocol detection).
> Please note there's already a file "detect-protocols.bro" which
> is able to find connections with protocols on non-standard ports.
> Best regards,
Note also to make this more reliable, you should set dpd_buffer_size
to a significantly longer size, otherwise larger POST requests may not
redef dpd_buffer_size = 4096;
redef dpd_buffer_size = 10000;
Nicholas C. Weaver nweaver at icsi.berkeley.edu
This message has been ROT-13 encrypted twice for higher security.
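
The following is an added example, not part of the original message and not Bro's DPD code: a minimal payload-based check that flags port-80 connections whose first bytes do not look like HTTP, and HTTP seen on other ports. The record layout, function names and sample connections are constructed for illustration.

```python
import re

# HTTP/1.x request line: method SP request-target SP HTTP-version
REQUEST_LINE = re.compile(rb"^[A-Z]{3,16} \S+ HTTP/\d\.\d\r?\n")
# HTTP/1.x status line: HTTP-version SP 3-digit status code
STATUS_LINE = re.compile(rb"^HTTP/\d\.\d \d{3}[ \r\n]")

def looks_like_http(orig_bytes, resp_bytes):
    """True if either direction of the stream opens like HTTP."""
    return bool(REQUEST_LINE.match(orig_bytes) or STATUS_LINE.match(resp_bytes))

def classify(conn):
    """Return an alert string for one connection record, or None."""
    if not conn["orig"] and not conn["resp"]:
        return None  # no payload seen, nothing to judge
    is_http = looks_like_http(conn["orig"], conn["resp"])
    if conn["resp_port"] == 80 and not is_http:
        return "non-HTTP traffic on port 80"
    if conn["resp_port"] != 80 and is_http:
        return "HTTP on non-standard port"
    return None

def alerts(conns):
    """Map connection id -> alert for every connection that raises one."""
    found = {}
    for conn in conns:
        alert = classify(conn)
        if alert:
            found[conn["id"]] = alert
    return found

# Constructed sample data: first bytes sent by originator and responder.
CONNS = [
    {"id": "c1", "resp_port": 80,
     "orig": b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
     "resp": b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"},
    {"id": "c2", "resp_port": 80,
     "orig": b"SSH-2.0-client\r\n", "resp": b"SSH-2.0-server\r\n"},
    {"id": "c3", "resp_port": 8081,
     "orig": b"POST /upload HTTP/1.0\r\nContent-Length: 5\r\n\r\nhello",
     "resp": b""},
    {"id": "c4", "resp_port": 80, "orig": b"", "resp": b""},
    {"id": "c5", "resp_port": 22,
     "orig": b"SSH-2.0-client\r\n", "resp": b"SSH-2.0-server\r\n"},
]

if __name__ == "__main__":
    for cid, alert in alerts(CONNS).items():
        print(cid, alert)
```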