[Bro] About BRO

anthony kasza anthony.kasza at gmail.com
Tue May 19 08:57:51 PDT 2015


Detecting denial of service attacks isn't as clear cut as detecting other
attacks, e.g. SQL injection. What constitutes a DoS depends on your network's
specifics, such as bandwidth. A DoS to your network might not be a DoS to a
larger network.
This being said, Bro does have the ability to detect common port scan
attacks. I believe the detection scripts are built on the sumstats
framework. Here's one Seth wrote:
<https://github.com/sethhall/bro-junk-drawer/blob/master/scan_udp.bro>. I
hope that helps.

-AK
On May 19, 2015 8:44 AM, "Anshu Sharma" <anshu.sh123 at gmail.com> wrote:

> Sir,
> I am working on Bro version 2.3.2.
> I want to know, can we detect denial of service attacks using Bro?
> If possible, can you please provide me some guidance?
> Thanks,
> hoping for your early reply.
>
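As an added illustration of the sumstats approach mentioned in the reply above (not code from the thread and not Seth's scan_udp.bro), the following Bro 2.3-style script counts new connections per responder address over a fixed interval and raises a notice when a site-tunable threshold is crossed. The module name, notice type, stream name, and default threshold and interval are assumptions chosen for the example; the threshold must be set from your own network's baseline, as the reply points out.

```bro
@load base/frameworks/sumstats
@load base/frameworks/notice

module ConnFloodExample;   # hypothetical module name for this example

export {
	redef enum Notice::Type += {
		## Raised when one local responder receives more new
		## connections than the threshold within one interval.
		Conn_Flood,
	};

	## Assumed defaults. What counts as a flood depends on the
	## monitored network, so redef these from measured baselines.
	const conn_threshold = 5000.0 &redef;
	const measure_interval = 1min &redef;
}

event bro_init()
	{
	# Sum the observations per key (responder address) for each epoch.
	local r1: SumStats::Reducer = [$stream="example.conn.attempts",
	                               $apply=set(SumStats::SUM)];

	SumStats::create([$name="example-conn-flood",
	                  $epoch=measure_interval,
	                  $reducers=set(r1),
	                  $threshold_val(key: SumStats::Key, result: SumStats::Result) =
	                  	{
	                  	return result["example.conn.attempts"]$sum;
	                  	},
	                  $threshold=conn_threshold,
	                  $threshold_crossed(key: SumStats::Key, result: SumStats::Result) =
	                  	{
	                  	local r = result["example.conn.attempts"];
	                  	NOTICE([$note=Conn_Flood,
	                  	        $dst=key$host,
	                  	        $msg=fmt("%s received %.0f new connections within %s",
	                  	                 key$host, r$sum, measure_interval),
	                  	        $identifier=cat(key$host)]);
	                  	}]);
	}

event new_connection(c: connection)
	{
	# One observation per new connection, keyed on the responder.
	SumStats::observe("example.conn.attempts", [$host=c$id$resp_h], [$num=1]);
	}
```

A connection count is only one possible signal; byte or packet volume per responder could be summed the same way by changing what is passed in the observation.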