[Bro] Stepping Stone Detection

Vlad Grigorescu vlad at grigorescu.org
Tue Sep 23 07:08:16 PDT 2014

If I recall correctly, I believe the detection doesn't work well on
clusters. The same worker would need to see all traffic associated with a
given stepping stone (both traffic from the internet to that hop, and from
that hop to the target system).


On Mon, Sep 22, 2014 at 4:20 PM, anthony kasza <anthony.kasza at gmail.com>

> I've noticed some remnants of Vern's work around detecting systems used as
> stepping stones within Bro's source. Could someone on the list shed light
> on why and when it was deprecated? Many thanks,
> -AK
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20140923/eea47184/attachment.html 

More information about the Bro mailing list