[Bro] New Cluster configuration

erik clark philosnef at gmail.com
Wed Oct 5 06:35:45 PDT 2016


There is good reason to tap both inside and outside of a firewall, but only
if you are tapping both sides of a firewall. Doing this on both sides of a
router is a giant waste of time. That way you can see what actually got
out, and not just what got to the firewall but not out. At my old job this
is what we did, however we weren't natting everything (except ipv6, which
did ipv4 translation, and had its own challenges).
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20161005/07be3c50/attachment.html 


More information about the Bro mailing list