[Bro] BPF?

Seth Hall seth at icir.org
Thu Jan 16 07:33:26 PST 2014


On Jan 16, 2014, at 10:12 AM, George Insko <ginsko3 at gmail.com> wrote:

> #Nothing from src host to dst port
> !(src host 0.0.0.0/0 && dst port 443) &&
> Does that make sense and will it work? Do you all have any other ways to permanently filter traffic? 

I think you meant to do…

(not src port 443 and not dst port 443)

  .Seth


--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20140116/2449e59d/attachment.bin 


More information about the Bro mailing list