[Bro] Determining remote proxy servers using Bro.

fatema bannatwala fatema.bannatwala at gmail.com
Fri Jul 29 11:17:37 PDT 2016


Hi,

Recently we have seen an uptick in the use of proxy servers to log in to the
accounts from people living in China. And since the connection appears to
come from a US-based IP address (probably a proxy), they go unflagged by the
IDS/IPS devices, as they see normal logins from United States IP addresses.
So my question is: is there a way to determine that the incoming connection
from an IP is actually a proxy server's IP, by looking at some unique
patterns in data collected by IDS/IPS devices? And if so, can we do it using
Bro?

Thanks,
Fatema.