[Bro] Can Bro Anonymize the Data it Captures?
Gregor Maier
gregor at icir.org
Tue Sep 27 10:55:04 PDT 2011
> Kind of. Bro 1.5 comes with the anonymization systems described in
> this paper:
>
> http://conferences.sigcomm.org/sigcomm/2003/papers/p339-pang.pdf
>
> This is very cool stuff. However, the code hasn't been maintained for
> a long time already and, due to bit rot, there are various pieces here
> and there that aren't working right anymore. For the upcoming release,
> we have thus completely removed that functionality.

Hmm. I'm actually wondering whether all the flexibility of the new
logging framework would enable us to anonymize log files as a
transparent add-on on the script layer.....

I guess that in any case one could always modify / anonymize the
c$PROTOCOL record just before it gets logged....

cu
Gregor
--
Gregor Maier
<gregor at icir.org> <gregor at icsi.berkeley.edu>
Int. Computer Science Institute (ICSI)
1947 Center St., Ste. 600
Berkeley, CA 94704, USA
http://www.icir.org/gregor/