In the Bro Manual, when discussing the "terminate connection (c:
connection)" function, it mentioned that a "rst utility" can terminate the
connection.
Where can I find the "rst utility"?
Hey,
a bit of motivation to get the documentation up to speed :)
Cheers,
Christian.
-----Forwarded Message-----
> From: Lee Sheng <momosisco(a)hotmail.com>
> To: focus-ids(a)securityfocus.com
> Subject: Re: snort tamandua or prelude ids plus bro?
> Date: Fri, 06 Aug 2004 22:46:53 +0800
>
> rmkml,
>
> Actually I'm thinking of adding Bro too, but the thing is lack of
> documentation on Bro, can you point me out where can I find useful
> whitepaper or guides on deploying Bro cause I got no time to start
> everything from scratch.
>
> Thanks.
>
>
> Regards,
> Lee
>
>
> >From: rmkml <rmkml(a)wanadoo.fr>
> >To: Lee Sheng <momosisco(a)hotmail.com>
> >Subject: Re: snort tamandua or prelude ids
> >Date: Fri, 6 Aug 2004 16:32:49 +0200 (CEST)
> >
> >Hi Lee,
> >
> >add bro in possible choice ?
> >
> >Regards
> >
> >Rmkml(a)Wanadoo.fr
> >
> >
> >On Fri, 6 Aug 2004, Lee Sheng wrote:
> >
> >>Date: Fri, 06 Aug 2004 18:37:16 +0800
> >>From: Lee Sheng <momosisco(a)hotmail.com>
> >>To: focus-ids(a)securityfocus.com
> >>Subject: snort tamandua or prelude ids
> >>
> >>All,
> >>
> >>Thanks to all of you who have answered my question, it's so nice to get so
> >>many suggestions and help from the community.
> >>
> >>My another question is no doubt the snort is one of the best ids compare
> >>to other ids. However I really interested in the tamandua ids which
> >>implementing the boolean layer to detect the pattern of the attack (less
> >>false positive). Anyone have experiences in deploying tamandua ids and I
> >>would like to know whether tamandua ids is still active or the development
> >>of tamandua ids is already dead. If you have experience on deploying,
> >>hopefully you guys can share experience with me. Then about the prelude
> >>IDS, prelude ids seems very complicated and I still not sure where to
> >>start. Anyone have any ideas cause now I still in the way of thinking
> >>which ids to deploy for the company. Snort, tamandua or prelude?
> >>Prelude seems more in depth on tracking what attacker try to do with HIDS
> >>as well. I've one and half years experience in snort (not in transparent
> >>mode of course). If I want to save my time, sure I will choose snort,
> >>however I would like to hear from you all. Thanks again.
> >>
> >>
> >>Regards,
> >>Lee
> >>
--
________________________________________________________________________
http://www.cl.cam.ac.uk/~cpk25    http://www.whoop.org
Hello:
When an event happens, how can I make its event handler call an
external command? For example, call an alarm program to alert the
administrator, or call an external command like iptables to respond to the
attack event?
Is there a function like "exec()" in C?
--
Best regards,
kong mailto:kong@etexchina.com