[Bro] Clarification on Backdoor Event Engine

Vern Paxson vern at icir.org
Sat Jul 8 23:23:16 PDT 2006


> I just wanna clarify: does the backdoor event engine (which does all
>     the signature detection) eventually invoke the corresponding event
>     engine and the Analyser?

The backdoor analyzer is separate from Bro's signature engine.  The analyzer
only generates backdoor events - not other signature events, and not protocol
parsing events.

		Vern


