[Bro-Dev] BiF parsing index types
Vern Paxson
vern at icir.org
Tue May 24 10:09:58 PDT 2011
> > IIRC, it's used by Bro at startup to resolve hostnames in the policy
> > scripts ...
>
> > Agreed, but I would consider it a fairly minimal risk due to such extremely
> limited use of that feature anyway. In the scripts I've been working on,
> I haven't even used it at all so the risk is even lower.
? You don't have things like tables of sensitive systems that are listed
using hostnames rather than addresses? This strikes me as a pretty basic
use case.
Vern
More information about the bro-dev
mailing list