[Bro] Intrusion prevention

Vern Paxson vern at icir.org
Fri Aug 26 15:23:05 PDT 2005

> Will it be interfacing with a firewall like iptables (like snort-inline does) ?

It's a different API, and not directly suitable for use with something
like iptables (our approach is quite fine-grained).

Note, we already (and for a long time) run Bro in a reactive fashion, for
which the policy script can drop hostile traffic.  But this isn't the full
power of an IPS since there's latency between discovering a problem and
blocking a host, so damage can still occur.


More information about the Bro mailing list