[Bro] Stepping Stone Detection

anthony kasza anthony.kasza at gmail.com
Tue Sep 23 07:24:51 PDT 2014


That makes sense. Thanks for satisfying my curiosity.

-AK
On Sep 23, 2014 7:08 AM, "Vlad Grigorescu" <vlad at grigorescu.org> wrote:

> If I recall correctly, I believe the detection doesn't work well on
> clusters. The same worker would need to see all traffic associated with a
> given stepping stone (both traffic from the internet to that hop, and from
> that hop to the target system).
>
>   --Vlad
>
> On Mon, Sep 22, 2014 at 4:20 PM, anthony kasza <anthony.kasza at gmail.com>
> wrote:
>
>> I've noticed some remnants of Vern's work around detecting systems used
>> as stepping stones within Bro's source. Could someone on the list shed
>> light on why and when it was deprecated? Many thanks,
>>
>> -AK
>>
>> _______________________________________________
>> Bro mailing list
>> bro at bro-ids.org
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20140923/b4252f5f/attachment.html 


More information about the Bro mailing list