[Bro-Dev] better name for "drop"
seth at icir.org
Fri Jun 10 14:05:31 PDT 2011
I'm looking for a better name for the drop.bro script. I think it would serve as it's own standalone framework that could be reused by other scripts, but "drop" is unfortunately not descriptive enough (in my opinion) for what it does.
For those of your who don't know, drop.bro implements Bro's ability to call an external script and "drop" connectivity for an address. It also implements the notion of catch&release where a host would initially be blocked for a short period and released but if it continues doing things that would cause it to get blocked, it gets blocked for longer and longer periods each time.
I am planning on merging that functionality with the functionality from the terminate-connection.bro script as well so the name of the framework would need to reflect this generic notion denying access to hosts or connections.
International Computer Science Institute
(Bro) because everyone has a network
More information about the bro-dev