[Bro] Does bro REALLY SUPPORT port-independent analysis of application-layer protocols?
(peter)
45070198 at qq.com
Mon May 19 22:42:47 PDT 2014
Seth,
> > In the file /usr/local/bro/share/bro/base/protocols/socks/main.bro, there are some codes as following:
>
> Take a look at socks/dpd.sig. Those are the signatures that are running and attempting to identify off-port SOCKS connections.
Yes, I had saw it, and I thought it would work like that. But, the bro only could detect and generate the socks.log when the socks server used port 1080/tcp, not other ports.
How could I configure it for detecting socks, which use other port?
Best,
peter
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20140520/efa688eb/attachment.html
More information about the Bro
mailing list