[Bro] SMB connections

Robert Rotsted rrotsted at gmail.com
Mon Nov 30 11:44:13 PST 2015


Hi Zied,

By default, the Exfil framework will only attach to flows originated
by addresses in 10.0.0.0/8 that have a non-local responder.

Try setting "ignore_local_dest_conn" to F in app-exfil-conn.bro.

--bob


On Mon, Nov 30, 2015 at 2:48 AM, Zied Turki <zied.turki at outlook.com> wrote:
> Hello Bro Community,
>
> I am working on data exfiltration and I have just tested the Exfil
> Framework.
> I have noticed that the script failed to detect file uploads from the file
> server using the SMB protocol. Looking at the connection logs (conn.log), the
> SMB connections are unfortunately not logged.
> Would it be a known issue? Or should I tune some params?
> Please note that the traffic arrives at the Bro machine (I have checked using
> tcpdump).
>
> Many thanks,
>
> BR,
> Zied
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
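
Added example (not part of the thread and not code from the Exfil framework): a small Python model of the default attach rule described in the reply, run over constructed conn.log-style records to show which flows are covered with "ignore_local_dest_conn" set to T and to F. The RFC 1918 list standing in for Bro's local networks, the helper names and the sample records are assumptions.

```python
import ipaddress

# Assumptions (not taken from the Exfil framework source): the watched
# originator range is 10.0.0.0/8 as stated in the reply, and "local" means
# the RFC 1918 ranges below (in Bro this would come from Site::local_nets).
WATCHED_ORIG = ipaddress.ip_network("10.0.0.0/8")
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample in Bro conn.log TSV layout (reduced field set).
SAMPLE_CONN_LOG = "\n".join([
    "#separator \\x09",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice",
    "1448883853.1\tCaaa01\t10.1.2.3\t49152\t10.1.9.20\t445\ttcp\tsmb",
    "1448883854.2\tCbbb02\t10.1.2.3\t49153\t203.0.113.10\t443\ttcp\tssl",
    "1448883855.3\tCccc03\t192.168.5.7\t49154\t203.0.113.10\t445\ttcp\tsmb",
])

def is_local(addr):
    """True if addr falls inside one of the assumed local networks."""
    return any(addr in net for net in LOCAL_NETS)

def would_attach(orig_h, resp_h, ignore_local_dest_conn=True):
    """Model of the default behaviour described in the reply."""
    orig = ipaddress.ip_address(orig_h)
    resp = ipaddress.ip_address(resp_h)
    if orig not in WATCHED_ORIG:
        return False          # originator outside the watched range
    if ignore_local_dest_conn and is_local(resp):
        return False          # local responder is skipped by default
    return True

def coverage(log_text, ignore_local_dest_conn=True):
    """Return {uid: bool} for every record in a conn.log-style text."""
    fields, result = [], {}
    for line in log_text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            rec = dict(zip(fields, line.split("\t")))
            result[rec["uid"]] = would_attach(
                rec["id.orig_h"], rec["id.resp_h"], ignore_local_dest_conn)
    return result

if __name__ == "__main__":
    for flag in (True, False):
        print("ignore_local_dest_conn =", flag, coverage(SAMPLE_CONN_LOG, flag))
```

The internal SMB record is only covered once the flag is F, and the record originated from 192.168.5.7 stays uncovered either way because its originator is outside 10.0.0.0/8.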

