[Bro] Stepping Stone Detection
Vlad Grigorescu
vlad at grigorescu.org
Tue Sep 23 07:08:16 PDT 2014
If I recall correctly, I believe the detection doesn't work well on
clusters. The same worker would need to see all traffic associated with a
given stepping stone (both traffic from the internet to that hop, and from
that hop to the target system).
--Vlad
On Mon, Sep 22, 2014 at 4:20 PM, anthony kasza <anthony.kasza at gmail.com>
wrote:
> I've noticed some remnants of Vern's work around detecting systems used as
> stepping stones within Bro's source. Could someone on the list shed light
> on why and when it was deprecated? Many thanks,
>
> -AK
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20140923/eea47184/attachment.html
More information about the Bro
mailing list