[Bro] connection states

Laleh Arshadi la_arshadi at yahoo.com
Mon Jul 22 11:11:23 PDT 2013

OK... to be more precise, how can I decide which connection is suspicious to be a TCP scanning attempt?


On Jul 22, 2013, at 11:54 AM, Laleh Arshadi <la_arshadi at yahoo.com> wrote:

> Now I am looking for the policies upon which Bro decides that a connection is "good", "bad" or "unknown".

Hm, your question is a little broad. :)


Seth Hall
International Computer Science Institute
(Bro) because everyone has a network