[Bro-Dev] UDP connection_established event?

Jan Grashöfer jan.grashoefer at gmail.com
Mon Mar 5 02:55:56 PST 2018


On 02/03/18 03:52, Vlad Grigorescu wrote:
> I would like to propose a new event in Bro, one that would fire when a UDP
> connection is established (i.e. a response is observed within some time
> frame after a request is seen). Basically, the UDP equivalent of
> connection_established.
> 
> [...]
> 
> Does anyone have thoughts about this?

I definitely see the need to correlate request-response pairs for UDP 
protocols, but as UDP is *connectionless*, the term UDP connection sounds 
very strange to me. Maybe a general notion of request-response protocols 
could be established. Corresponding protocols could trigger general 
events. For some protocols there might even be a session concept.

Jan
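
The request/response correlation discussed in this thread, as an added example that is not part of either message and is not Bro code: it raises one event per UDP flow when a reply arrives within a time window of the latest request. The names `Pkt` and `udp_established`, the 5-second window, and the sample packets are assumptions made for illustration.

```python
from typing import NamedTuple

class Pkt(NamedTuple):
    ts: float    # capture timestamp in seconds
    src: str
    sport: int
    dst: str
    dport: int

def udp_established(packets, timeout=5.0):
    """Return (ts, originator, responder) once per flow, at the first reply
    seen within `timeout` seconds of the latest unanswered request.
    The thread only says "some time frame"; 5.0 is an assumed value."""
    pending = {}         # (originator, responder) -> ts of latest request
    established = set()  # flows that already raised their event
    events = []
    for p in sorted(packets, key=lambda pkt: pkt.ts):
        sender, receiver = (p.src, p.sport), (p.dst, p.dport)
        flow = frozenset((sender, receiver))
        if flow in established:
            continue  # the event fires only once per flow
        # A pending request in the opposite direction makes this a reply.
        request_ts = pending.pop((receiver, sender), None)
        if request_ts is not None and p.ts - request_ts <= timeout:
            established.add(flow)
            events.append((p.ts, receiver, sender))
        else:
            # New request, retransmission, or a reply that came too late:
            # (re)start the window with this packet's sender as originator.
            # A long-running monitor would also expire old entries here.
            pending[(sender, receiver)] = p.ts
    return events

# Constructed sample traffic (documentation address ranges).
SAMPLE = [
    Pkt(0.00, "10.0.0.5", 40000, "192.0.2.53", 53),    # request
    Pkt(0.02, "192.0.2.53", 53, "10.0.0.5", 40000),    # reply in time
    Pkt(0.50, "10.0.0.5", 40000, "192.0.2.53", 53),    # same flow again
    Pkt(1.00, "10.0.0.5", 40001, "198.51.100.7", 123), # never answered
    Pkt(2.00, "10.0.0.9", 5000, "203.0.113.9", 161),   # request
    Pkt(9.00, "203.0.113.9", 161, "10.0.0.9", 5000),   # reply after 7 s
]

if __name__ == "__main__":
    for ts, orig, resp in udp_established(SAMPLE):
        print(f"{ts:.2f} request-response pair {orig} -> {resp}")
```
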

