bridge-firewall on Bro

Wang Shaofu wsffree at hotmail.com
Sat Apr 5 00:34:41 PST 2003





>I'm trying to configure a bridge-firewall with the bro IDS on it to
>check web traffic (for example). But I have some trouble. Actually, if
>I launch bro with the http rules, due to dependencies I have to load
>the scan rules. And the scan rules try to connect to some machines... But
>my aim is to have an IDS without an IP address, so without connections
>from and to the bridge.
>
>Due to that, bro gives me a lot of warnings and takes very long to
>launch...
>
>I try to modify the rules via my conf file but there are some kinds I
>don't understand. For example, if I change the "skip_scan_sources" to
>an empty value after loading the scan rule (loading via http rule) ;
    ~~~~~~~~~~~~try 127.0.0.1

>bro tries to resolve the address before changing the value. And if I put
>the redef variable before loading the rule, Bro tells me: "redef" used but
>not previously defined"...
>
>I think there are some fundamental things I don't understand but I'll
>try to.
>
>If anybody has an idea about that or possibly a configuration file
>to give me some ideas, it could be great!
