[Bro] caret and the stick
brianallen at wustl.edu
Tue Sep 5 11:54:24 PDT 2017
I upgraded one of my clusters recently and I noticed that the history column in the conn.log has a caret symbol now. The docs say:
^ = "connection direction was flipped by Bro’s heuristic”
I was wondering what exactly this means. Which part exactly was flipped? And which heuristic is it referring to?
Here is a line from our conn.log showing what I think is backscatter. (Our network is 22.214.171.124/16.)
128.252.X.Y 57756 126.96.36.199 80 tcp - - - - OTH T F 0 ^h 0 0 1 44
So in this example, what was flipped exactly?
From: <bro-bounces at bro.org<mailto:bro-bounces at bro.org>> on behalf of "Dopheide, Jeannette M" <jdopheid at illinois.edu<mailto:jdopheid at illinois.edu>>
Date: Tuesday, September 5, 2017 at 8:28 AM
To: Bro-Mailinglist <bro at bro.org<mailto:bro at bro.org>>
Subject: [Bro] BroCon is next week
Reminder, BroCon is next week. If you haven’t registered, tickets are still available:
Looking forward to seeing you all there.
The Bro Team
Sr. Education, Outreach, and Training Coordinator
National Center for Supercomputing Applications
University of Illinois at Urbana-Champaign
Bro mailing list
bro at bro-ids.org<mailto:bro at bro-ids.org>
The materials in this message are private and may contain Protected Healthcare Information or other information of a sensitive nature. If you are not the intended recipient, be advised that any unauthorized use, disclosure, copying or the taking of any action in reliance on the contents of this information is strictly prohibited. If you have received this email in error, please immediately notify the sender via telephone or return mail.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro