[Bro-Dev] Enable DPD per default in 1.6?
Seth Hall
seth at icir.org
Mon Jan 24 12:50:42 PST 2011
On Jan 24, 2011, at 3:32 PM, Robin Sommer wrote:
> There's a further advantage to doing (2): it would eliminate one of
> the most common mistakes: not realizing that Bro's filter doesn't
> include what one wants to analyze. With a default-all filter, Bro
> does what one would intuitively expect, and changing the filter to
> be more restrictive could be filed under "performance tuning".
>
> Thoughts?
I like the idea. The common case seems to have become running with DPD enabled anyway. It would be one less thing for most people to have to configure as soon as they do the install. All as long as the filtering system gets some documentation. :)
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/
More information about the bro-dev
mailing list