zeek August 2004

zeek@lists.zeek.org

4 participants
3 discussions

by kong

In Bro Manual ,when discuss the "terminate connection (c: connection)" function ,it metioned a "rst utility" can terminate the connection. where can I find the "rst utility"?

16 years, 5 months

[Bro] [Fwd: Re: snort tamandua or prelude ids plus bro?]

by Christian Kreibich

Hey, a bit of motivation to get the documentation up to speed :) Cheers, Christian. -----Forwarded Message----- > From: Lee Sheng <momosisco(a)hotmail.com> > To: focus-ids(a)securityfocus.com > Subject: Re: snort tamandua or prelude ids plus bro? > Date: Fri, 06 Aug 2004 22:46:53 +0800 > > rmkml, > > Actually i'm thinking of adding bro too, but the thing is lack of > documentation on Bro, can you point me out where can i find useful > whitepaper or guides on deploying Bro cause I got no time to start > everything from scratch. > > Thanks. > > > Regards, > Lee > > > >From: rmkml <rmkml(a)wanadoo.fr> > >To: Lee Sheng <momosisco(a)hotmail.com> > >Subject: Re: snort tamandua or prelude ids > >Date: Fri, 6 Aug 2004 16:32:49 +0200 (CEST) > > > >Hi Lee, > > > >add bro in possible choice ? > > > >Regards > > > >Rmkml(a)Wanadoo.fr > > > > > >On Fri, 6 Aug 2004, Lee Sheng wrote: > > > >>Date: Fri, 06 Aug 2004 18:37:16 +0800 > >>From: Lee Sheng <momosisco(a)hotmail.com> > >>To: focus-ids(a)securityfocus.com > >>Subject: snort tamandua or prelude ids > >> > >>All, > >> > >>Thanks to all of you who have answered my question, it's so nice to get so > >>many suggestions nad helps from the community. > >> > >>My another question is no doubt the snort is one of the best ids compare > >>to other ids. However I really interested in the tamandua ids which > >>implementing the boolean layer to detect the patent of the attack(less > >>alse postive). Anyone have experiences in deploying tamandua ids and I > >>would like to know whether tamandua ids is still active or the development > >>of tamandua ids is already dead. If you have experience on deploying, > >>hopefully you guys can share expericience with me. Then about the prelude > >>IDS, prelude ids seems very complicated and I still not sure where to > >>start. Anyone have any ideas cause now I still in the way of thinking > >>which ids to deploy for the company. Snort, tamandua or prelude? > >>Prelude seems more in depth on tracking what attacker try to do with HIDS > >>as well. I've one and half years experience in snort (not in transparent > >>mode of course). If I want to save my time, sure I will choose snort, > >>however I would like to hear from you all. Thanks again. > >> > >> > >>Regards, > >>Lee > >> -- ________________________________________________________________________ http://www.cl.cam.ac.uk/~cpk25 http://www.whoop.org

16 years, 5 months

[Bro] how to call a external command

by kong

hello: when a event happpend ,how to make its event handler to call a external command?For example , call a alarm program to alert administrator or call a external command like iptables to respond the attack event? Is there a function like "exec()" in C? -- Best regards, kong mailto:kong@etexchina.com

16 years, 5 months

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

1998

zeek August 2004