[Zeek] Subject: Drop packet by signature event

Vincenzo vincyforce at gmail.com
Wed Mar 25 09:26:31 PDT 2020


I have a configuration of FreeBSD with Zeek. My goal is to analyze network
traffic on one network interface and block (IPS) the packet to the other
interface if it falls within the list of signatures that I have defined
in my signatures.sig.

I have searched far and wide for a solution, but I have not come up with
feasible solutions for this purpose (since Zeek was not born as an IPS, as
Snort and Suricata were). Do you have any advice?

Zeek 3.0.3
FreeBSD 11
bro-netmap installed

Thanks very much