[Bro] Monitor the traffic form interface and pass it to other interface

Nasiriyah Iraq inasiriyah at yahoo.com
Wed Mar 25 10:58:27 PDT 2009


Hello
 
Thank you for replay
Actualy I want to use Bro as Intrusion Prevention System, and I  want to know which processors or options which affect the delay time?
 
With regards
 
Kaled Azrane
 


--- On Sat, 3/7/09, jean-philippe luiggi <jean-philippe.luiggi at didconcept.com> wrote:

From: jean-philippe luiggi <jean-philippe.luiggi at didconcept.com>
Subject: Re: [Bro] Monitor the traffic form interface and pass it to other interface
To: "Nasiriyah Iraq" <inasiriyah at yahoo.com>
Cc: bro at ICSI.Berkeley.EDU
Date: Saturday, March 7, 2009, 8:02 PM

Hello,

I'm not (yet) sure of what's your exact setup but Bro acts as a
"viewer" and
is unable to inject data.
Now about your need, if you want to get packets on eth0 and just forward
them to eth1, you may use firewall's rules.

With regards,

Jean-Philippe.

* Nasiriyah Iraq <inasiriyah at yahoo.com> [2009-03-06 05:08:16 -0800]:

> Dear all
> I have server with Ubuntu 8.10 operating system and Bro Ids 1.4, and there
are two network interfaces installed in this server eth0 and eth1.
> The interface eth0 connected to the internet, and the interface eth1
connected to my special local area network.
> How can I make Bro IDS monitor and analyze all the traffic come from eth0?
And after that pass the traffic to eth1?
  



      
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20090325/a0022ec8/attachment.html 


More information about the Bro mailing list