[Bro] Stepping Stone Detection
anthony.kasza at gmail.com
Tue Sep 23 07:24:51 PDT 2014
That makes sense. Thanks for satisfying my curiosity.
On Sep 23, 2014 7:08 AM, "Vlad Grigorescu" <vlad at grigorescu.org> wrote:
> If I recall correctly, I believe the detection doesn't work well on
> clusters. The same worker would need to see all traffic associated with a
> given stepping stone (both traffic from the internet to that hop, and from
> that hop to the target system).
> On Mon, Sep 22, 2014 at 4:20 PM, anthony kasza <anthony.kasza at gmail.com>
>> I've noticed some remnants of Vern's work around detecting systems used
>> as stepping stones within Bro's source. Could someone on the list shed
>> light on why and when it was deprecated? Many thanks,
>> Bro mailing list
>> bro at bro-ids.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro