[Bro] Worker System Memory Exhaustion
Azoff, Justin S
jazoff at illinois.edu
Wed Apr 11 11:17:55 PDT 2018
> On Apr 11, 2018, at 2:11 PM, Aashish Sharma <asharma at lbl.gov> wrote:
>
> Now, some sites have actually the other way round, where they have a list of
> Darknets or unallocated subnets. If thats case with you let me know. I'll send
> you a slightly different file.
> (Justin tried to simplify these all in his version but not sure where it was
> left).
Yes! I wrote something for this. I split out from scan.bro into bro-is-darknet:
https://github.com/ncsa/bro-is-darknet
This tries to handle the four possible darknet setups I identified.
bro-simple-scan depends on this package for the darknet based scan detection.
—
Justin Azoff
More information about the Bro
mailing list