[Bro] Can Bro detect a traffic difference, according to days and time.
mgill6 at student.concordia.ab.ca
Mon Feb 29 18:17:57 PST 2016
I will give a scenario; let me know whether it is possible using Bro IDS or not.
If the traffic for TCP, UDP, ICMP, HTTPS, SMTP and DNS is
80%, 50%, 30%, 70%, 80% and 60% respectively during working days (Mon-Fri, from
10am-6pm), which we can say is normal traffic, and this traffic
differs by 10% below or above for each protocol, then an alarm should be
triggered. Similarly, during off hours (7pm to 9am), if we see the same amount of
traffic, an alarm should be triggered. Is it possible with Bro to make this
type of scenario detectable?
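The check described in the message above, written out as an added example: it is not part of the original post, and it is plain Python rather than a Bro script. It assumes "10%" means 10 percentage points around each baseline and that "same amount" during off hours means a level inside that band; the function names and the sample measurements are constructed for illustration.

```python
from datetime import datetime

# Working-hours baseline levels (percent) as listed in the post.
BASELINE = {"tcp": 80, "udp": 50, "icmp": 30, "https": 70, "smtp": 80, "dns": 60}
TOLERANCE = 10  # assumption: percentage points above or below the baseline


def window(ts):
    """Map a timestamp to the post's time windows; None where the post is silent."""
    if ts.weekday() < 5 and 10 <= ts.hour < 18:
        return "working"          # Mon-Fri, 10am-6pm
    if ts.hour >= 19 or ts.hour < 9:
        return "off"              # 7pm-9am (assumed to apply every day)
    return None                   # 9-10am, 6-7pm, weekend daytime: undefined


def check(ts, levels):
    """Return (protocol, reason) alarms for one measurement of per-protocol levels."""
    win = window(ts)
    alarms = []
    if win is None:
        return alarms
    for proto, base in BASELINE.items():
        if proto not in levels:
            continue              # no measurement for this protocol
        near_baseline = abs(levels[proto] - base) <= TOLERANCE
        if win == "working" and not near_baseline:
            alarms.append((proto, "outside working-hours baseline"))
        elif win == "off" and near_baseline:
            alarms.append((proto, "working-hours level during off hours"))
    return alarms


# Constructed sample measurements (2016-03-01 is a Tuesday).
SAMPLES = [
    (datetime(2016, 3, 1, 11, 0), {"tcp": 82, "udp": 65, "icmp": 30,
                                   "https": 55, "smtp": 80, "dns": 60}),
    (datetime(2016, 3, 1, 23, 0), {"tcp": 78, "udp": 5, "icmp": 2,
                                   "https": 10, "smtp": 15, "dns": 20}),
    (datetime(2016, 3, 1, 18, 30), {"tcp": 80, "udp": 50}),
]

if __name__ == "__main__":
    for ts, levels in SAMPLES:
        print(ts.isoformat(), window(ts), check(ts, levels))
```

The 9-10am and 6-7pm gaps and weekend daytime produce no alarms here because the post defines no expected level for them.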