[Bro] invoking an analyzer without the default policy script?
Robin Sommer
robin at icir.org
Thu Dec 6 05:12:24 PST 2007
On Wed, Dec 05, 2007 at 10:36 -0800, you wrote:
> I did have success by adding the following:
>
> global dns_ports = { 53/udp, 53/tcp, 137/udp };
> redef dpd_config += { [ANALYZER_DNS] = [$ports = dns_ports] };

Ah, sorry, I forgot that. Actually you need both, the right packet
filter and the dpd_config. As Christian noted, your packet filter
might already be right if you're not loading any other scripts
(because then Bro uses the default filter "tcp or udp or icmp").

Robin
--
Robin Sommer * Phone +1 (510) 931-5555 * robin at icir.org
ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org