[Bro] windows?

Jim Mellander jmellander at lbl.gov
Fri Dec 8 15:21:02 PST 2006


Jules wrote:
> Hi there
> 
> Just wondering what could be the options to compile Bro under a Windows
> environment?
> 

I actually had Bro running on my Windows laptop under Cygwin last year
(I call it WinBro), to see if it could be done, first of all, and to see
what added value it could bring.  Were I to be persuaded to work on it
further, I'd probably use MinGW instead - although Cygwin is still a
viable option.  I found out several things:

1. Bro people are less than enthusiastic about Windows.
2. It seemed to add value as a way for internal hosts to have a
lightweight IDS capability, which could potentially report back to a
central station.
3. It adds a dimension to internal monitoring that e.g. Netflow doesn't
have, as it gives the opportunity for detection of intra-subnet scanning
or other malicious activities.

If anyone is interested in being my partner in crime, I would be happy
to dust off my notes, and have another go at it.


-- 
Jim Mellander
Incident Response Manager
Computer Protection Program
Lawrence Berkeley National Laboratory
(510) 486-7204

The reason you are having computer problems is:

According to Microsoft, it's by design
