[Bro] How to throttle (or limit) the bitrate of a UDP connection using BRO?

Harkeerat Bedi hsbedi at memphis.edu
Thu May 26 21:39:14 PDT 2011


OK. Thank you Seth and Vern for your feedback. I will follow the suggestions
provided by Seth.

One of the reasons I thought about this was because I came across a function
in BRO called "terminate_connection(c: connection)". This function, as per
the wiki: attempts to terminate a given connection using a rst utility.
However, now I understand that BRO does not support inline operation as this
rst utility is not a part of BRO.

Thanks again,
Harkeerat Bedi


On Wed, May 25, 2011 at 8:42 PM, Seth Hall <seth at icir.org> wrote:

>
> On May 25, 2011, at 7:25 PM, Harkeerat Bedi wrote:
>
> > Node1 (Client) <------>   Node2 (running BRO) < ------ > Node3 (Server)
> >
> > If I have a UDP connection (between the Client and the Server) with a bit
> rate of 2Mb/s. How can I reduce its bitrate to a user set value - say:
> 1Mb/s, using BRO?
>
> I suppose you could write a script that would install a firewall rule on
> the box to do the packet dropping (assuming whatever firewall you're using
> supports that).  You can use the system() function in Bro to call your
> external script that would put the firewall rule in place.  But generally
> Vern's point still applies that Bro doesn't ship with any consideration
> toward this deployment scenario.
>
>  .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro-ids.org/
>
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20110526/f7f797f5/attachment.html 


More information about the Bro mailing list