just a heads-up,
Since Bro includes resolver code from the BIND distribution, I believe
it will need to pick up patches for the vulnerabilities described in
http://www.cert.org/advisories/CA-2002-19.html
-Chad
> According to some literature, "bro can make intrusion announcement in
> real time", but when I try to run bro, I don't find how to realize this
> function, I only can create some logfiles.
The "log" statement logs a string via syslog().
The system() function invokes an arbitrary shell command.
> And, if it does this as said,
> what is the form of alert?
Just a string. Recently, Umesh Shankar has added a framework of "attributes",
i.e., additional information associated with values, and the main impetus
behind this has been to add structure to Bro alerts, since that's really
needed so they can be better filtered/post-processed/etc. It will be in
the next major release of Bro, which I'm aiming to have out in August.
Vern
[sorry this took me so long to reply to]
> hi, can someone please describe and explain how the ntp attack works? bro
> has it under its "example attacks" directory...
It's a buffer overflow attack. The common NTP implementation has an upper
bound on the size of a message it expects to receive.
Vern
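As an added illustration (not from this thread or from the Bro distribution) of how the `log` and `system()` statements in Vern's first reply produce a real-time announcement, applied to the oversized-NTP-message condition he describes above: it assumes the legacy event signature `ntp_message(u: connection, msg: ntp_msg, excess: string)`, where `excess` carries any bytes past the expected fixed-size message, and `/usr/local/bin/notify-ops` is a hypothetical helper script.

```bro
# Added example, not part of the Bro distribution.
# Assumes the legacy event ntp_message(u: connection, msg: ntp_msg,
# excess: string): "excess" holds whatever trailed the fixed-size message.
event ntp_message(u: connection, msg: ntp_msg, excess: string)
{
    if ( byte_len(excess) > 0 )
    {
        # Real-time announcement: the log statement sends this one-line
        # string to syslog() as soon as the packet is seen.
        log fmt("oversized NTP message from %s to %s (%d trailing bytes)",
                u$id$orig_h, u$id$resp_h, byte_len(excess));

        # Hand the event to an external pager/ticketing hook.
        # /usr/local/bin/notify-ops is hypothetical.  Only the addresses
        # we formatted ourselves go to the shell, never the packet bytes.
        system(fmt("/usr/local/bin/notify-ops %s %s",
                   u$id$orig_h, u$id$resp_h));
    }
}
```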
hello, everybody here,
I am a beginner with Bro and I have a question; I hope someone can help me. Thanks.
According to some literature, "bro can make intrusion announcement in real time", but when I try to run bro, I don't find how to realize this function, I only can create some logfiles. And, if it does this as said, what is the form of alert?
Thank you very much.
sara young
hi, can someone please describe and explain how the ntp attack works? bro
has it under its "example attacks" directory...
thanks in advance