zeek August 2004

zeek@lists.zeek.org

4 participants
3 discussions

by kong

In Bro Manual ,when discuss the "terminate connection (c: connection)" function ,it metioned a "rst utility" can terminate the connection. where can I find the "rst utility"?

17 years, 10 months

[Bro] [Fwd: Re: snort tamandua or prelude ids plus bro?]

by Christian Kreibich

Hey, a bit of motivation to get the documentation up to speed :) Cheers, Christian. -----Forwarded Message----- > From: Lee Sheng <momosisco(a)hotmail.com> > To: focus-ids(a)securityfocus.com > Subject: Re: snort tamandua or prelude ids plus bro? > Date: Fri, 06 Aug 2004 22:46:53 +0800 > > rmkml, > > Actually i'm thinking of adding bro too, but the thing is lack of > documentation on Bro, can you point me out where can i find useful > whitepaper or guides on deploying Bro cause I got no time to start > everything from scratch. > > Thanks. > > > Regards, > Lee > > > >From: rmkml <rmkml(a)wanadoo.fr> > >To: Lee Sheng <momosisco(a)hotmail.com> > >Subject: Re: snort tamandua or prelude ids > >Date: Fri, 6 Aug 2004 16:32:49 +0200 (CEST) > > > >Hi Lee, > > > >add bro in possible choice ? > > > >Regards > > > >Rmkml(a)Wanadoo.fr > > > > > >On Fri, 6 Aug 2004, Lee Sheng wrote: > > > >>Date: Fri, 06 Aug 2004 18:37:16 +0800 > >>From: Lee Sheng <momosisco(a)hotmail.com> > >>To: focus-ids(a)securityfocus.com > >>Subject: snort tamandua or prelude ids > >> > >>All, > >> > >>Thanks to all of you who have answered my question, it's so nice to get so > >>many suggestions nad helps from the community. > >> > >>My another question is no doubt the snort is one of the best ids compare > >>to other ids. However I really interested in the tamandua ids which > >>implementing the boolean layer to detect the patent of the attack(less > >>alse postive). Anyone have experiences in deploying tamandua ids and I > >>would like to know whether tamandua ids is still active or the development > >>of tamandua ids is already dead. If you have experience on deploying, > >>hopefully you guys can share expericience with me. Then about the prelude > >>IDS, prelude ids seems very complicated and I still not sure where to > >>start. Anyone have any ideas cause now I still in the way of thinking > >>which ids to deploy for the company. Snort, tamandua or prelude? > >>Prelude seems more in depth on tracking what attacker try to do with HIDS > >>as well. I've one and half years experience in snort (not in transparent > >>mode of course). If I want to save my time, sure I will choose snort, > >>however I would like to hear from you all. Thanks again. > >> > >> > >>Regards, > >>Lee > >> -- ________________________________________________________________________ http://www.cl.cam.ac.uk/~cpk25 http://www.whoop.org

17 years, 10 months

[Bro] how to call a external command

by kong

hello: when a event happpend ,how to make its event handler to call a external command?For example , call a alarm program to alert administrator or call a external command like iptables to respond the attack event? Is there a function like "exec()" in C? -- Best regards, kong mailto:kong@etexchina.com

17 years, 10 months

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

1998

zeek August 2004