[Bro] HTTP Question
Jean-Philippe Luiggi
jp.luiggi at free.fr
Fri Nov 9 12:28:09 PST 2007
Nicholas Weaver a écrit :
> On Fri, Nov 09, 2007 at 01:54:19PM -0500, Jean-Philippe Luiggi composed:
>
>> Diogo Corteletti de Oliveira a écrit :
>>
>>> Hello,
>>>
>>> Can BRO alarm on non-http traffic over port 80?
>>> _______________________________________________
>>> Bro mailing list
>>> bro at bro-ids.org
>>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>>>
>>>
>> Hello Diogo,
>>
>> I think so if you use DPD (dynamic protocol detection).
>> Please note there's already a file "detect-protocols.bro" which
>> is able to find connections with protocols on non-standard ports.
>>
>> Best regards,
>>
>> Jean-philippe.
>>
>
>
> Note also to make this more reliable, you should set dpd_buffer_size
> to a significantly longer size, otherwise larger POST requests may not
> be recognized.
>
> EG,
>
> redef dpd_buffer_size = 4096;
> or
> redef dpd_buffer_size = 10000;
>
>
Hello,
Thank you for pointing out this information, i missed it (much more, i
didn't think about this problem).
Best regards,
Jean-philippe.
More information about the Bro
mailing list