[Bro] Signatures
Seth Hall
seth at icir.org
Tue Feb 22 21:08:28 PST 2011
On Feb 21, 2011, at 4:02 AM, David Rodrigues wrote:
> The signature is only triggered once for the same host and for a given
> period of time (and for the same tcp connection).
>
> If I close and restart the connection the signature is always triggered.
>
> Is that normal?
Ah! I believe that is normal. I don't think that the same signature will trigger multiple times in the same TCP connection.
Can you give any more details about the scenario in which you need this? The example doesn't have enough context for me to know if there is another way of implementing what you are trying to accomplish.
Thanks,
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/
More information about the Bro
mailing list