[Bro] SYN/ACK Attack
Jan Grashöfer
jan.grashoefer at gmail.com
Mon Jul 25 12:06:34 PDT 2016
Since originator/responder depends on the protocol logic, another
solution would be to log the source address of the first packet of the
connection. I've just written a small script
(https://gist.github.com/J-Gras/f6bfb6092d29aa0e9c53eb98e23a7955) that
should achieve this. As it uses the new bif
"get_current_packet_header()", the script only works with master (see
http://try.bro.org/#/trybro/saved/80298).
Best regards,
Jan
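
Added example, not part of the original message and not the linked gist: one way to record the source address of a connection's first packet in conn.log with `get_current_packet_header()`. The field name `first_src` is an assumption of this sketch; comparing it with `id.orig_h` shows the connections where the originator role was assigned to the host that did not send the first packet.

```bro
# Added example (not the gist linked in the message above).
# "first_src" is a hypothetical field name chosen for this sketch.

# Scratch field on the connection record, filled when the first packet is seen.
redef record connection += {
    first_src: addr &optional;
};

# Extra column in conn.log.
redef record Conn::Info += {
    first_src: addr &optional &log;
};

event new_connection(c: connection) &priority=10
    {
    # new_connection is raised while the first packet of the connection is
    # being processed, so the current packet header belongs to that packet.
    local hdr = get_current_packet_header();

    if ( hdr?$ip )
        c$first_src = hdr$ip$src;
    else if ( hdr?$ip6 )
        c$first_src = hdr$ip6$src;
    }

event connection_state_remove(c: connection) &priority=3
    {
    # base/protocols/conn populates c$conn at priority 5 and writes the log
    # entry at priority -5, so copy the value in between the two handlers.
    if ( c?$first_src && c?$conn )
        c$conn$first_src = c$first_src;
    }
```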