HOSPEDAGEM PROFISSIONAL DE DOMÍNIOS E SITES
A VirtualServ oferece o mais completo plano de hospedagem profissional do mercado. Todas as possibilidades disponíveis hoje na WEB num só plano. O melhor servidor, a melhor conexão, o melhor suporte e recursos ilimitados.
Nosso serviço é top de linha entre os melhores servidores e temos como objetivo a sua satisfação e confiança. Visite-nos: http://virtualserv.com
PAINEL DE CONTROLE - CPANEL
O painel de controle oferecido pela VirtualServ simplifica todos os comandos Unix em uma interface gráfica intuitiva e fácil de usar, agilizando a manutenção de sua conta.
Disponibilizamos essa ferramenta para todos os clientes.
LOJA VIRTUAL GRÁTIS
Adquirindo o plano de hospedagem profissional da VirtualServ, você ganha uma Loja virtual Grátis totalmente automatizada e com e-commerce*. Você pode oferecer qualquer produto ou serviço que quiser com divulgação permanente na internet. Você também pode modificá-la de acordo com suas necessidades.
Na loja, você pode receber pelos seus produtos ou serviços através de depósito bancário, boleto ou cartão de crédito.
Plano profissional de hospedagem com recursos ilimitados VirtualServ
Valor Mensal - R$ 21,00
Taxa única de Setup - R$: 15,00
Espaço em Disco 100 MB (ampliável)
Transferência Mensal 2 GB
Contas de E-mail POP3 personalizadas com anti-vírus - ilimitadas
Subdomínios - ilimitados
Redirecionamento de domínios - ilimitados
Contas de FTP individuais - ilimitadas
Bancos de Dados MY SQL 3.45 - ilimitados
Painel de Controle CPANEL - Sim
Diretório CGI-BIN - Sim
Estatísticas Completas - Sim
Loja Virtual GRÁTIS - Sim
ASP e tarefas CRON - Sim
Suporte Técnico - Sim
Software para e-commerce - Sim
Divulgação permanente na internet - Sim
Não perca tempo, entre hoje mesmo para a VirtualServ e obtenha o serviço mais completo do mercado ! Visite nosso site: http://www.virtualserv.com
Suporte online: suporte(a)virtualserv.com - Fones: (11)6567-3684 ou (11)9443-4276 - h/c - ICQ-141826334
>I am using bro 0.7a90 and was wondering if analysis of other methods
>are being done
>with latest version ...?
It seems a great different has been done. You better read http-detail.bro
http-reply.bro http-request.bro .
免费下载 MSN Explorer: http://explorer.msn.com/lccn
> I can see that Bro supports HTTP methods - GET, HEAD and POST.
> But in between i see entries in weird.log saying -
> 1041827706.208639 184.108.40.206/2254 > *.*.*.*/http: HTTP_unknown_method
> I am using bro 0.7a90 and was wondering if analysis of other methods are
> being done
> with latest version ...?
There's no analysis of additional methods in 0.8, but it knows about
(= won't complain about) the following additional methods:
"OPTIONS", "PUT", "DELETE", "TRACE", "CONNECT",
"PROPFIND", "PROPPATCH", "MKCOL", "DELETE", "PUT",
"COPY", "MOVE", "LOCK", "UNLOCK",
> The author said Bro is modified to generate the 41 features, I
> would preciated if someone is kind enough to give me some hints how
> to do this. I am sure a event analyser and handler sould added to
> Bro, but where, how and when to invoke the event handler.
Presumably, yes, they wrote policy scripts, and perhaps also extended
the event engine. But it seems you should ask the authors directly
to get the details.
> You could also just watch the variable 'drop' returned by pcap_stats(
> ) to see if there are drops.
Yes, but only on some systems, and for some types of drops. As you mention,
on some systems it's not accurate, due to kernel bookkeeping deficiencies,
or because loss occurs on the NIC (which can't always correctly report it)
or at the tap rather than in the kernel.
> However, I am still can't understand why all the status of connection not
> from/to my host is "S0", which means "no answer", while my host's
> connections were all right.
That's very strange, unless in your setup Bro is massively dropping packets.
So the next thing to do is use Bro's "-w tracefile" option to record the
packets it's analyzing. Next time you find an S0 FTP session which you're
sure was successful, extract the corresponding packets from the trace.
If there are just initial SYNs and nothing else, then Bro was correct, and
you were mistaken regarding that particular session being successful.
If on the other hand there's an initial SYN, no SYN-ACK, but a bunch of
subsequent packets related to the connection, then Bro is dropping packets.
I can help with this analysis (send me the trace off-line) if needed.
Thank your answer, Mr. Paxon!
However, I am still can't understand why all the status of connection not
from/to my host is "S0", which means "no answer", while my host's
connections were all right. In my network, my computer was running
Redhat7.3, others windows. As I known, Bro is a network IDS, I think it
should moniter all packets in my network. It is unbleveable that all other
connections were not finished succesfully.
Waiting for your answer. Thank you!
>From: Vern Paxson <vern(a)icir.org>
>To: "Anderson Lee" <andersonlee2002(a)hotmail.com>
>Subject: Re: about Date: Fri, 03 Jan 2003 10:02:49 -0800
> > While the connection
> > between other hosts(also in my network) can not show all information,
> > as src_bytes and dst_bytes, instead of number it show "?".
>The key for those connections is their status. In this case, it is S0:
> > 1041604588.107852 ? ftp ? ? 10.1.2.251 10.1.2.28 S0 X
> > ~~~ ~~~~~
>which (as explained in doc/conn-logs) means "no answer". Because there
>was no answer, the connection does not have a meaningful duration, or
>volume of bytes sent in either direction.
Add photos to your e-mail with MSN 8. Get 2 months FREE*.
> While the connection
> between other hosts(also in my network) can not show all information, such
> as src_bytes and dst_bytes, instead of number it show "?".
The key for those connections is their status. In this case, it is S0:
> 1041604588.107852 ? ftp ? ? 10.1.2.251 10.1.2.28 S0 X
> ~~~ ~~~~~
which (as explained in doc/conn-logs) means "no answer". Because there
was no answer, the connection does not have a meaningful duration, or
volume of bytes sent in either direction.