[Bro] Blocking packets
Johanna Amann
johanna at icir.org
Mon Aug 8 10:07:06 PDT 2016
Hello Daniel,
to interact with the traffic on your network, e.g. by installing blocking
rules into your hardware, you can use the NetControl framework, which is
part of our current development version and will be part of 2.5.
Documentation is available at
https://www.bro.org/sphinx-git/frameworks/netcontrol.html and
https://github.com/bro/bro-netcontrol
Apart from that, Bro by itself can not block traffic; it depends on
outside hardware or software to do that, but it can be used to push rules
out depending on the traffic that you see.
I hope that helps,
Johanna
On Fri, Aug 05, 2016 at 03:36:23PM +0000, Daniel Manzo wrote:
> Hi all,
>
> Can Bro block packets or part of traffic, in addition to logging? Or is this something that needs to be configured on an aggregator or tap? I apologize if this is a very simple topic, as I'm a Bro noob.
>
> Best regards,
>
> Daniel Manzo
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
More information about the Bro
mailing list