[Bro] HTTP Question
jp.luiggi at free.fr
Fri Nov 9 12:28:09 PST 2007
Nicholas Weaver a écrit :
> On Fri, Nov 09, 2007 at 01:54:19PM -0500, Jean-Philippe Luiggi composed:
>> Diogo Corteletti de Oliveira a écrit :
>>> Can BRO alarm on non-http traffic over port 80?
>>> Bro mailing list
>>> bro at bro-ids.org
>> Hello Diogo,
>> I think so if you use DPD (dynamic protocol detection).
>> Please note there's already a file "detect-protocols.bro" which
>> is able to find connections with protocols on non-standard ports.
>> Best regards,
> Note also to make this more reliable, you should set dpd_buffer_size
> to a significantly longer size, otherwise larger POST requests may not
> be recognized.
> redef dpd_buffer_size = 4096;
> redef dpd_buffer_size = 10000;
Thank you for pointing out this information, i missed it (much more, i
didn't think about this problem).
More information about the Bro