some puzzles about the usage of bro

Ashley Thomas athomas at unity.ncsu.edu
Fri May 17 19:15:50 PDT 2002


> First of all, if bro detects intrusion activity, what will it do? Write this
> intrusion activity to a log or print a real-time notification on the screen?

It is capable of doing both.
You can look for *.log files in the same directory where the bro
executable is.

> So I am not sure if it is working!

If bro starts correctly it will print
listening on interface <eth0|eth1> ....

Are you getting this message ?

> Thirdly, would you please give me a list of which types of intrusion
> bro can detect and the corresponding intrusion signature of each intrusion
> activity bro can detect?

It can detect almost everything if you can write the signature /
analysis module into its policy scripts.

By default it detects common alerts like
- portscan
- land attack
- malicious fragments like (size < min_size)

etc
etc

You can get a lot of this information in the bro user manual,
which comes along with the distribution...
You can look for it in the doc/ directory.

Hope that helps.

-ashley thomas



On Sat, 18 May 2002, [gb2312] Àî ÎļΠwrote:

> Dear Mr. Paxson:
>
> I am an undergraduate student in China. When I try to use bro I have met some
> puzzles and I wish I could get help from you.
>
> First of all, if bro detects intrusion activity, what will it do? Write this
> intrusion activity to a log or print a real-time notification on the screen?
>
> Secondly, I have run bro many times in the LAN of my lab. But it did not have
> any response. So I am not sure if it is working. By the way, where is
> bro's intrusion log file located in Linux?
>
> Thirdly, would you please give me a list of which types of intrusion bro can
> detect and the corresponding intrusion signature of each intrusion activity
> bro can detect?
>
> Thank you very much for your kind guide and help.
>
>                                        Yours Sincerely
>                                          Lee



