[Zeek] Subject: Drop packet by signature event
Aashish Sharma
asharma at lbl.gov
Wed Mar 25 09:41:00 PDT 2020
> feasible solutions for this purpose (since Zeek was not born as IPS, as
> snort and suricata), do you have any advice?
Umm, Zeek's been doing IPS before snort or suricata were born ;)
I am not sure of specifics on your end (i.e. how you want to implement it) but you
should look at netcontrol-framework and ACLD
(https://ee.lbl.gov/downloads/acld/) in case you want to expand and work with
cisco/juniper routers.
Aashish
On Wed, Mar 25, 2020 at 05:26:31PM +0100, Vincenzo wrote:
> I have a configuration of FreeBSD with Zeek, my goal is to analyze network
> traffic on one network interface and block (IPS) the packet to the other
> interface, if this falls within my list of signatures that I have defined
> in my signatures.sig.
>
> I have searched far and wide for a solution, but I have not come up with
> feasible solutions for this purpose (since Zeek was not born as IPS, as
> snort and suricata), do you have any advice?
>
> Zeek 3.0.3
> FreeBSD 11
> bro-netmap installed
>
> Thanks very much
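A sketch of the approach suggested in the reply, added here as an example and not taken from the thread: a Zeek script that turns a `signature_match` event into a NetControl drop rule. The module name `SigBlock`, the options `block_interval`, `block_sigs` and `never_block`, the signature ID `my-sig-id` and the location of `signatures.sig` are assumptions; the debug backend only logs rules, so an enforcing backend (for example one that talks to ACLD) has to be activated in its place to actually block.

```zeek
@load base/frameworks/netcontrol
@load base/frameworks/signatures

# Assumption: signatures.sig sits next to this script, and every rule that
# should block carries an `event "..."` action so signature_match is raised.
@load-sigs ./signatures.sig

module SigBlock;

export {
	## How long a block stays installed (hypothetical option).
	const block_interval = 10min &redef;
	## Signature IDs that trigger a block (placeholder ID, replace with your own).
	const block_sigs: set[string] = { "my-sig-id" } &redef;
	## Networks that must never be blocked, e.g. your own gateways (hypothetical option).
	const never_block: set[subnet] = { 127.0.0.0/8 } &redef;
}

event NetControl::init()
	{
	# The debug plugin accepts every rule and records it in netcontrol.log
	# without touching any device. Swap in an enforcing backend for real blocking.
	local backend = NetControl::create_debug(T);
	NetControl::activate(backend, 0);
	}

event signature_match(state: signature_state, msg: string, data: string)
	{
	if ( state$sig_id !in block_sigs )
		return;

	# Block the side of the connection whose payload matched the signature.
	local id = state$conn$id;
	local offender = state$is_orig ? id$orig_h : id$resp_h;

	if ( offender in never_block )
		return;

	# Zeek sees a copy of the traffic, so the matching packet has already
	# passed; the rule affects later packets from this address.
	NetControl::drop_address(offender, block_interval,
	    fmt("signature %s: %s", state$sig_id, msg));
	}
```

Installed rules, and their expiry after `block_interval`, are recorded in `netcontrol.log`, which is the place to check that the expected signatures are producing drops before wiring in an enforcing backend.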