[Bro] Ip-based
K2
k2 at korrosivesecurity.com
Fri Sep 16 07:12:02 PDT 2016
Ah. You are correct, the listening interface can be set to promiscuous
mode without having any assigned IP. Bro will analyze anything that
that interface receives.
On Fri, Sep 16, 2016, at 08:59 AM, Daniel Manzo wrote:
> Okay, I meant IP address based. By that I mean - are there any
> settings or configuration files that require specific IPs to be set in
> order for Bro to work? I’m trying to explain to my colleague how Bro
> works, but having a hard time myself. From my understanding it doesn’t
> need any IP addresses, and will monitor whatever traffic is incoming
> from the server’s NICs. Is this correct?
>
> Thanks,
> Dan Manzo
>
> *From:* bro-bounces at bro.org [mailto:bro-bounces at bro.org] *On Behalf Of
> *K2 *Sent:* Friday, September 16, 2016 9:46 AM *To:* bro at bro.org
> *Subject:* Re: [Bro] Ip-based
>
> What do you mean by IP-based? Are you asking if it is designed for
> intrusion prevention? The answer to that would be no.
>
> Bro gives you pretty much all the information you'd ever want to know
> about your network traffic, but leaves it to the analyst to decide
> what is good and what is bad.
>
> Kory
>
> On Fri, Sep 16, 2016, at 08:25 AM, Daniel Manzo wrote:
>> Hi all,
>>
>> Just to verify before setting up Bro, this IDS is not IP-based,
>> correct? It looks like it is not, but I just want to be certain.
>>
>> Thanks,
>>
>> Dan Manzo
>> _________________________________________________
>> Bro mailing list
>> bro at bro-ids.org
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20160916/86bfcd56/attachment.html
More information about the Bro
mailing list