[Bro-Dev] Better Handling of User Agents in Software Framework

Seth Hall seth at icir.org
Mon Dec 14 13:24:48 PST 2015


> On Dec 14, 2015, at 10:51 AM, Vlad Grigorescu <vlad at grigorescu.org> wrote:
> 
> I'm not thrilled with those user agents are being handled right now, and I'm curious to get some thoughts. Take, for example the Safari user-agent string of: 

I think your proposal sounds reasonable.  I’d go ahead and implement it and see what you think about overload situations since I can easily see the amount of software being tracked quickly get out of hand with that.  After it’s implemented, get it running on several networks that are willing to run it and see if it causes problems for them. :)

This could be a good time to also implement some better handling around software tracking to avoid obvious DoS issues by doing traffic that causes lots of state being tracked.

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/




More information about the bro-dev mailing list