[Bro] SYN/ACK Attack

Jan Grashöfer jan.grashoefer at gmail.com
Mon Jul 25 12:06:34 PDT 2016

Since originator/responder depends on the protocol logic, another
solution would be to log the source address of the first packet of the
connection. I've just written a small script
(https://gist.github.com/J-Gras/f6bfb6092d29aa0e9c53eb98e23a7955) that
should achieve this. As it uses the new bif
"get_current_packet_header()", the script only works with master (see

Best regards,
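
The approach described in the message above, as an added example (not the linked gist and not part of the original post): it records the source address of the first packet of each connection in conn.log. The field name `first_pkt_src` is a hypothetical name chosen here, and the script assumes a Bro build that provides `get_current_packet_header()`.

```bro
# Added example; not the script from the linked gist.
# "first_pkt_src" is a hypothetical field name chosen for this example.
@load base/protocols/conn

# Carry the value on the connection record until conn.log is written.
redef record connection += {
	first_pkt_src: addr &optional;
};

redef record Conn::Info += {
	## Source address of the first packet seen for this connection,
	## independent of which side Bro labels as originator.
	first_pkt_src: addr &log &optional;
};

event new_connection(c: connection)
	{
	# new_connection is raised while the first packet of the flow is
	# being processed, so the current header belongs to that packet.
	local hdr = get_current_packet_header();

	if ( hdr?$ip )
		c$first_pkt_src = hdr$ip$src;
	else if ( hdr?$ip6 )
		c$first_pkt_src = hdr$ip6$src;
	}

# base/protocols/conn fills in c$conn at priority 5 and writes the log
# entry at priority -5; the default priority (0) runs between the two.
event connection_state_remove(c: connection)
	{
	if ( c?$first_pkt_src && c?$conn )
		c$conn$first_pkt_src = c$first_pkt_src;
	}
```

Comparing `first_pkt_src` with `id.orig_h` in conn.log shows the connections where the originator assigned by the protocol logic is not the host that sent the first observed packet.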
