[Bro-Dev] notice tags?
Seth Hall
seth at icir.org
Thu Jun 2 12:01:14 PDT 2011
On Jun 2, 2011, at 2:55 PM, Clark, Gilbert wrote:
> What about synchronizing a seed across the bro cluster, and using that seed to generate random() concatenated with 48 bits obtained from the machine (adapter Ethernet address?) to ensure the starting value was unique across the whole cluster?
We could use the node name somewhere to help create uniqueness. MAC address wouldn't actually work because in many cases, people are only sniffing a single interface with a MAC address for their entire cluster.
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/
More information about the bro-dev
mailing list