[Bro] Ip-based
Mike Dopheide
dopheide at gmail.com
Fri Sep 16 07:56:59 PDT 2016
You should consider setting your local subnets in $BROPATH/etc/networks.cfg
For some policies that helps Bro know what to treat as local hosts versus
external.
Dop
On Friday, September 16, 2016, K2 <k2 at korrosivesecurity.com> wrote:
> Ah. You are correct, the listening interface can be set to promiscuous
> mode without having any assigned IP. Bro will analyze anything that that
> interface receives.
>
>
> On Fri, Sep 16, 2016, at 08:59 AM, Daniel Manzo wrote:
>
> Okay, I meant IP address based. By that I mean - are there any settings or
> configuration files that require specific IPs to be set in order for Bro to
> work? I’m trying to explain to my colleague how Bro works, but having a
> hard time myself. From my understanding it doesn’t need any IP addresses,
> and will monitor whatever traffic is incoming from the server’s NICs. Is
> this correct?
>
>
>
> Thanks,
>
> Dan Manzo
>
>
>
> *From:* bro-bounces at bro.org
> <javascript:_e(%7B%7D,'cvml','bro-bounces at bro.org');> [mailto:
> bro-bounces at bro.org <javascript:_e(%7B%7D,'cvml','bro-bounces at bro.org');>]
> *On Behalf Of *K2
> *Sent:* Friday, September 16, 2016 9:46 AM
> *To:* bro at bro.org <javascript:_e(%7B%7D,'cvml','bro at bro.org');>
> *Subject:* Re: [Bro] Ip-based
>
>
>
> What do you mean by IP-based? Are you asking if it is designed for
> intrusion prevention? The answer to that would be no.
>
>
>
> Bro gives you pretty much all the information you'd ever want to know
> about your network traffic, but leaves it to the analyst to decide what is
> good and what is bad.
>
>
>
> Kory
>
>
>
> On Fri, Sep 16, 2016, at 08:25 AM, Daniel Manzo wrote:
>
> Hi all,
>
>
>
> Just to verify before setting up Bro, this IDS is not IP-based, correct?
> It looks like it is not, but I just want to be certain.
>
>
>
> Thanks,
>
>
>
> Dan Manzo
>
> *_______________________________________________*
>
> Bro mailing list
>
> bro at bro-ids.org <javascript:_e(%7B%7D,'cvml','bro at bro-ids.org');>
>
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20160916/32b883e1/attachment.html
More information about the Bro
mailing list