From vern at icir.org Sun Nov 17 22:35:45 2002
From: vern at icir.org (Vern Paxson)
Date: Sun, 17 Nov 2002 22:35:45 -0800
Subject: Bro now publicly available
Message-ID: <200211180635.gAI6Zj3I019054@jaguar.icir.org>

While Bro has for a long time been available to anyone asking for a copy,
it's now directly available from the Web, with a (modest) home page at:

    http://www.icir.org/vern/bro.html

That page includes links to the newly-updated documentation, which, while
still not complete, is now quite a bit closer to complete.

    Vern

From antonat at ics.forth.gr Tue Nov 19 06:57:05 2002
From: antonat at ics.forth.gr (Antonatos Spiros)
Date: Tue, 19 Nov 2002 16:57:05 +0200 (EET)
Subject: Snort signature
Message-ID:

I used snort2bro and converted snort signatures into a snort.bro file
I gave bro snort.bro but it says
./snort.bro, line 1 (rule): error, undeclared variable
What should I do?

Antonatos Spiros

From sommer at in.tum.de Tue Nov 19 07:51:50 2002
From: sommer at in.tum.de (Robin Sommer)
Date: Tue, 19 Nov 2002 16:51:50 +0100
Subject: Snort signature
In-Reply-To:
References:
Message-ID: <20021119155150.GA26405@net.informatik.tu-muenchen.de>

On Tue, Nov 19, 2002 at 16:57 +0200, Antonatos Spiros wrote:

> I used snort2bro and converted snort signatures into a snort.bro file
> I gave bro snort.bro but it says
> ./snort.bro, line 1 (rule): error, undeclared variable

Currently, snort2bro needs a full Snort configuration (snort.cfg)
incl. variable definitions. Perhaps you've tried to convert only the
signatures themselves without the surrounding definitions given in
snort.cfg?

Robin

--
Robin Sommer * Room 01.08.055 *
TU Munich * Phone (089) 289-18006 * sommer at in.tum.de

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20021119/805ea48d/attachment.bin

From sommer at in.tum.de Tue Nov 19 08:28:17 2002
From: sommer at in.tum.de (Robin Sommer)
Date: Tue, 19 Nov 2002 17:28:17 +0100
Subject: Snort signature
In-Reply-To: <20021119155150.GA26405@net.informatik.tu-muenchen.de>
References: <20021119155150.GA26405@net.informatik.tu-muenchen.de>
Message-ID: <20021119162817.GB26428@net.informatik.tu-muenchen.de>

On Tue, Nov 19, 2002 at 16:51 +0100, Robin Sommer wrote:

> Currently, snort2bro needs a full Snort configuration (snort.cfg)
> incl. variable definitions. Perhaps you've tried to convert only the
> signatures themselves without the surrounding definitions given in
> snort.cfg?

In addition (because, as it seems, it's not snort2bro which
complains but Bro itself): How did you call Bro? You need to specify
the converted signature file via the -s option as it's not a Bro
policy script.

Eventually, I will write some documentation of the signature
engine...

Robin

--
Robin Sommer * Room 01.08.055 *
TU Munich * Phone (089) 289-18006 * sommer at in.tum.de

From antonat at ics.forth.gr Tue Nov 19 08:31:08 2002
From: antonat at ics.forth.gr (Antonatos Spiros)
Date: Tue, 19 Nov 2002 18:31:08 +0200 (EET)
Subject: Snort signature
In-Reply-To: <20021119162817.GB26428@net.informatik.tu-muenchen.de>
Message-ID:

thanks for your interest. i didn't see the -s option :) and i was giving
the rules file as a policy script. BTW, bro performs strings searching
by using an automaton?

Antonatos Spiros

On Tue, 19 Nov 2002, Robin Sommer wrote:

>
> On Tue, Nov 19, 2002 at 16:51 +0100, Robin Sommer wrote:
>
> > Currently, snort2bro needs a full Snort configuration (snort.cfg)
> > incl. variable definitions. Perhaps you've tried to convert only the
> > signatures themselves without the surrounding definitions given in
> > snort.cfg?
>
> In addition (because, as it seems, it's not snort2bro which
> complains but Bro itself): How did you call Bro? You need to specify
> the converted signature file via the -s option as it's not a Bro
> policy script.
>
> Eventually, I will write some documentation of the signature
> engine...
>
> Robin
>
> --
> Robin Sommer * Room 01.08.055 *
> TU Munich * Phone (089) 289-18006 * sommer at in.tum.de
>

From sommer at in.tum.de Thu Nov 21 00:14:14 2002
From: sommer at in.tum.de (Robin Sommer)
Date: Thu, 21 Nov 2002 09:14:14 +0100
Subject: Snort signature
In-Reply-To:
References: <20021119162817.GB26428@net.informatik.tu-muenchen.de>
Message-ID: <20021121081414.GA29942@net.informatik.tu-muenchen.de>

On Tue, Nov 19, 2002 at 18:31 +0200, Antonatos Spiros wrote:

> thanks for your interest. i didn't see the -s option :) and i was giving
> the rules file as a policy script. BTW, bro performs strings searching
> by using an automaton?

Yes, it compiles the regular expressions into DFAs.

Robin

--
Robin Sommer * Room 01.08.055 *
TU Munich * Phone (089) 289-18006 * sommer at in.tum.de

From wsffree at hotmail.com Thu Nov 21 02:18:01 2002
From: wsffree at hotmail.com (Wang Shaofu)
Date: Thu, 21 Nov 2002 18:18:01 +0800
Subject: Snort signature
Message-ID:

> > thanks for your interest. i didn't see the -s option :) and i was giving
> > the rules file as a policy script.
> > BTW, bro performs strings searching
                      ~~~~~~~~~~~~~~~~~
Do you mean strings comparing? Or to verify some string is in or not in
the packet payload?
> > by using an automaton?
>
>Yes, it compiles the regular expressions into DFAs.
                                              ~~~~~~I can not understand.

Have a nice day!
Ciao
Cloud

From antonat at ics.forth.gr Thu Nov 21 02:53:08 2002
From: antonat at ics.forth.gr (Antonatos Spiros)
Date: Thu, 21 Nov 2002 12:53:08 +0200 (EET)
Subject: Snort signature
In-Reply-To:
Message-ID:

Antonatos Spiros

On Thu, 21 Nov 2002, Wang Shaofu wrote:

> > > thanks for your interest. i didn't see the -s option :) and i was giving
> > > the rules file as a policy script. BTW, bro performs strings searching
>                                                         ~~~~~~~~~~~~~~~~~
> Do you mean strings comparing? Or to verify some string
> is in or not in the packet payload?
>
I mean verifying that a string is contained in packet's payload

> > > by using an automaton?
> >
> >Yes, it compiles the regular expressions into DFAs.
>                                               ~~~~~~I can not understand.
>
I think DFA is Deterministic Finite Automaton. May I assume it is
Aho-Corasick-like automaton?

> Have a nice day!
> Ciao
> Cloud
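
Added example (not part of the archived messages and not Bro's code): the payload containment check discussed in the thread, done with a DFA built by subset construction from a set of literal strings. It goes beyond the thread by showing that for plain strings the resulting DFA has one state per node of the Aho-Corasick trie; the function names, patterns and payload are constructed for illustration.

```python
from collections import deque

def build_dfa(patterns):
    """Subset construction for the NFA of  .*(p1|p2|...)  over bytes.

    An NFA state is (pattern index, bytes matched so far). The NFA start
    state is always active (the leading .*), so it is left implicit and a
    DFA state is the frozenset of partial matches alive at this point.
    """
    pats = [p.encode() if isinstance(p, str) else p for p in patterns]
    start = frozenset()
    ids = {start: 0}          # DFA state -> integer id
    trans = [{}]              # trans[id][byte] -> next id (missing byte: 0)
    accept = [set()]          # accept[id] -> patterns that end in this state
    work = deque([start])
    while work:
        cur = work.popleft()
        moves = {}            # byte -> NFA states reached on that byte
        # every offset may begin a new match, hence the extra (i, 0) items
        for i, k in list(cur) + [(i, 0) for i in range(len(pats))]:
            if k < len(pats[i]):
                moves.setdefault(pats[i][k], set()).add((i, k + 1))
        for byte, nxt in moves.items():
            nxt = frozenset(nxt)
            if nxt not in ids:
                ids[nxt] = len(trans)
                trans.append({})
                accept.append({pats[i] for i, k in nxt if k == len(pats[i])})
                work.append(nxt)
            trans[ids[cur]][byte] = ids[nxt]
    return trans, accept

def scan(dfa, payload):
    """One table lookup per payload byte; returns (end offset, pattern) hits."""
    trans, accept = dfa
    state, hits = 0, []
    for off, byte in enumerate(payload):
        state = trans[state].get(byte, 0)
        hits.extend((off + 1, pat) for pat in sorted(accept[state]))
    return hits

# Constructed sample data: the textbook Aho-Corasick pattern set.
PATTERNS = ["he", "she", "his", "hers"]
PAYLOAD = b"ushers"

if __name__ == "__main__":
    dfa = build_dfa(PATTERNS)
    print(len(dfa[0]), "DFA states")
    print(scan(dfa, PAYLOAD))
```

The scan never backtracks over the payload, which is the property that makes a DFA attractive for matching many signatures at once.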