[Bro] Use ACTION_DROP to Limit HTTP/FTP Access?
Huiping Song
Huiping.Song at ultra-3eti.com
Mon Aug 6 12:23:59 PDT 2012
We are thinking about limiting HTTP/FTP access by using the "base/frameworks/notice/actions/drop.bro" script: only allow HTTP file upload and FTP put/mput commands from specified IP addresses.
Is it possible to accomplish this by simply modifying http/ftp scripts from the Bro script packages? Does anyone have sample scripts for using ACTION_DROP for HTTP or FTP traffic? I couldn't find out any usages of ACTION_DROP in the installed bro scripts.
Thank you,
Huiping
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20120806/bd0f7ba3/attachment.html
More information about the Bro
mailing list