[Bro] Bro handling of Microsoft BITS traffic

Josh Guild josh.guild at morphick.com
Mon Feb 29 09:44:14 PST 2016


Hey all,

I have a question about how Bro handles Microsoft BITS (Background
Intelligent Transfer Service) traffic since the file is only partially
downloaded in the session it's monitoring. We've seen some traffic and it
looks like Bro just shows it as an incomplete file and doesn't carve it
properly.

Is there anything we can do to mitigate this?

-- 
Josh Guild
Network Intelligence Analyst
<https://twitter.com/stay_spooky> <https://keybase.io/joshuaguild>