some puzzles about the usage of bro
Ashley Thomas
athomas at unity.ncsu.edu
Fri May 17 19:15:50 PDT 2002
> First of all, if bro detects intrusion activity, what will it do? Write this
> intrusion activity to log or print real-time notification in the screen.
It is capable of doing both.
You can look for *.log files in the same directory where the bro
executable is.
> So I am not sure if it is working!
If bro starts correctly it will print
listening on interface <eth0|eth1> ....
Are you getting this message?
> Thirdly would you please give me a list of which type of intrusion can
> bro detect and the corresponding intrusion signature of each intrusion
> activity bro can detect?
It can detect almost everything if you can write the signature /
analysis module into its policy scripts.
By default it detects common alerts like
- portscan
- land attack
- malicious fragments like (size < min_size)
etc
etc
You can get a lot of this information in the bro user manual
which comes along with the distribution...
You can look for it in the doc/ directory.
Hope that helps.
-ashley thomas
On Sat, 18 May 2002, 李 文嘉 wrote:
> Dear Mr. Paxson:
>
> I am an undergraduate student in China. When I try to use bro I have met some
> puzzles and I wish I could get help from you.
>
> First of all, if bro detects intrusion activity, what will it do? Write this
> intrusion activity to log or print real-time notification in the screen.
>
> Secondly, I have run bro many times in the LAN of my lab. But it did not have
> any response. So I am not sure if it is working. By the way, where is
> bro's intrusion log file located in Linux?
>
> Thirdly would you please give me a list of which type of intrusion can bro
> detect and the corresponding intrusion signature of each intrusion activity
> bro can detect?
>
> Thank you very much for your kind guide and help.
>
> Yours Sincerely
> Lee