#901: topic/jsiwek/ipv6-sigs
---------------------------+------------------------
Reporter: jsiwek | Owner:
Type: Merge Request | Status: new
Priority: Normal | Milestone: Bro2.2
Component: Bro | Version: git/master
Keywords: |
---------------------------+------------------------
This branch is just in the `bro` repo and adds IPv6 support to signature
header conditions.
See commit message of [e835a55229315f61e6994811b0eb6423f14c905a/bro] for
details.
I think merging this would close #774 and #880.
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/901>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker
#902: Error loading __load__.bro/main.bro if dir containing these scripts is not
in the site directory
------------------------+---------------------
Reporter: aashish | Type: Problem
Status: new | Priority: Normal
Milestone: Bro2.2 | Component: Bro
Version: git/master | Keywords:
------------------------+---------------------
__load__.bro and main.bro won't load if the folder containing these is not
in the standard site directory, even though this folder's location is
specified via SitePolicyPath.
Explanation:
I encountered this problem while trying to get ssn-exposure running.
@load ssn-exposure in local.bro works just fine if the folder (ssn-exposure)
is in the site directory.
However, if this same folder (ssn-exposure) is moved to a different/non-standard
directory (e.g. /usr/local/my-scripts), @load ssn-exposure would
give errors and not load, even though /usr/local/my-scripts is added to
SitePolicyPath in broctl config and other standalone scripts within the
my-scripts folder load properly.
ssn-exposure (https://github.com/sethhall/ssn-exposure) is an example.
This seems to be a general issue with any similar folder-encapsulated
scripts.
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/902>
#891: topic/jsiwek/gridftp
---------------------------+------------------------
Reporter: jsiwek | Owner:
Type: Merge Request | Status: new
Priority: Normal | Milestone: Bro2.2
Component: Bro | Version: git/master
Keywords: |
---------------------------+------------------------
This branch exists in `bro`, `bro-testing`, and `bro-testing-private`
repos and adds support for GridFTP detection.
Relevant commits are:
[e34f6d9e3b1475828e11b590211311581dd05955/bro]
[49b8c7e3909ba0b57019285eaa07022c44f45270/bro]
[68aead024ab4a93ac83dc83f5ba61427bd1401e4/bro]
Summarized changes are:
- Add generic connection polling script: base/protocols/conn/polling.bro
- Add GridFTP detection script (mostly deals with GridFTP data channel
detection): base/protocols/ftp/gridftp.bro
- Add a new support analyzer which looks at FTP requests for AUTH GSSAPI
and forwards data to an SSL analyzer instance if it looks like the GSI
mechanism. This makes it possible to identify GridFTP control channels.
- Change FTP analyzer to no longer skip further analysis of a connection
if the server accepts an AUTH request.
- SSL client certificates are now tracked/logged by default.
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/891>
#880: Cannot do signature matching for ICMP payload
--------------------------+-----------------------------
Reporter: sheharbano.k | Type: Feature Request
Status: new | Priority: Normal
Milestone: Bro2.2 | Component: Bro
Version: git/master | Keywords:
--------------------------+-----------------------------
We cannot do signature matching for ICMP payload. All the attacks launched
by the THC IPv6 tool (http://www.thc.org/thc-ipv6/) use ICMP payload, for which
a signature can be easily written.
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/880>
#774: IPv6 in signatures
---------------------+------------------------
Reporter: seth | Owner:
Type: Problem | Status: new
Priority: Normal | Milestone: Bro2.1
Component: Bro | Version: git/master
Keywords: |
---------------------+------------------------
IPv6 addresses aren't supported in signatures. This isn't a huge priority
since addresses are very rarely used in signatures, but I wanted to
document the broken-ness.
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/774>