[Bro-Dev] [JIRA] (BIT-25) TRW should be more flexible in determining what connections to skip

Seth Hall (JIRA) jira at bro-tracker.atlassian.net
Mon Feb 10 05:48:37 PST 2014


     [ https://bro-tracker.atlassian.net/browse/BIT-25?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Seth Hall updated BIT-25:
-------------------------

    Resolution: Invalid
        Status: Closed  (was: Open)

There is no TRW implementation in Bro at the moment, and since this is an implementation-specific request, I'm going to close it.

> TRW should be more flexible in determining what connections to skip
> -------------------------------------------------------------------
>
>                 Key: BIT-25
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-25
>             Project: Bro Issue Tracker
>          Issue Type: New Feature
>          Components: Bro
>            Reporter: Vern Paxson
>
> [Eric Thomas, Sandia|From]
> Instead of using a set lookup (the honeypot global) to determine whether
> a connection is related to a honeypot, introduce a function variable that
> gets set to a function which takes a connection record as input and returns
> a boolean. The return value specifies T/F whether the connection is
> associated with a honeypot. This function is called in check_TRW_scan
> (trw-impl.bro) instead of the set lookup in honeypot.
>  
> The default function would do the simple set lookup, as is done now. But it
> allows others to create a function that performs more complex operations.



--
This message was sent by Atlassian JIRA
(v6.2-OD-09-036#6252)
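
The function-variable design requested in BIT-25, shown as an added example in Bro/Zeek script. It is not code from the Bro distribution or from the reporter. The names `is_honeypot_conn`, `honeypot_set_lookup`, `honeypot_nets` and `site_is_honeypot`, the choice of event, and all addresses are assumptions constructed for illustration.

```zeek
# Added example: names and addresses are constructed, not from Bro's scripts.

# The existing-style global: a plain set of honeypot addresses.
const honeypot: set[addr] = { 192.0.2.10, 192.0.2.11 } &redef;

# Default predicate: the simple set lookup on the responder address.
function honeypot_set_lookup(c: connection): bool
	{
	return c$id$resp_h in honeypot;
	}

# The function variable. The scan check calls this instead of
# testing the set directly; sites replace it with redef.
const is_honeypot_conn: function(c: connection): bool = honeypot_set_lookup &redef;

# A site-specific predicate doing more than a set lookup: it keeps the
# default behaviour and also treats a whole decoy subnet as honeypot
# space, but only for connections arriving from outside that subnet.
const honeypot_nets: set[subnet] = { 198.51.100.0/24 } &redef;

function site_is_honeypot(c: connection): bool
	{
	if ( honeypot_set_lookup(c) )
		return T;

	return c$id$resp_h in honeypot_nets && c$id$orig_h !in honeypot_nets;
	}

redef is_honeypot_conn = site_is_honeypot;

# Stand-in for the scan check: the only change at the call site is that
# the set membership test becomes a call through the function variable.
event connection_state_remove(c: connection)
	{
	if ( is_honeypot_conn(c) )
		print fmt("honeypot-related connection: %s -> %s",
		          c$id$orig_h, c$id$resp_h);
	}
```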

