-----BEGIN PGP SIGNED MESSAGE-----
Good afternoon, list. I'm hoping to get a quick opinion on some
hardware. I've done some brief looking and not really found what I'm
seeking so I'll post here in hopes that one of you can share some
I'm exploring deployment of some Bro boxes and was hoping to leverage
a great deal that Sun is offering to get the hardware. I know that
the boxes can do what I need them to do, as I've worked on Bro
implementations elsewhere. What I'd really like to know is if anyone
has used the Sun (Intel Chipset 82598) dual port 10g cards? They're a
decent savings of capitol, but I'd rather just spend the money to get
the cards I'm used to (single port 10g Intel or Myricom) if the dual
port cards behave strangely or are a time-vortex to get working.
I'm making an assumption that the dual port cards operate similar to
the single port cards. Has anyone used these in a bro deployment?
Network Engineer, CITES, University of Illinois
GPG key 0x2E5B44F4
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)
-----END PGP SIGNATURE-----
Since upgrading to Robin's latest cluster policy scripts I'm seeing a
lot of alarms for SSL_SessConIncon notices. ssl.bro raises this notice
when a current SSL connection does not match either the version or
cipher of a previous matching connection, and bro has inferred that the
SSL connection was cached and reused. Is this a known bug in ssl.bro?
FWIW, it only happens with one very busy server on our network, and for
both simap and https connections. I can gather more information if we
need to debug the problem.
I'll be working on preparing the cluster shell (i.e., everything in
aux/cluster in my work branch) for inclusion into Bro 1.5. The plan
is to then also use the shell framework for standard,
non-clusterized installations (replacing Bro Lite).
For those who have already experimented with the cluster shell: if
there is anything particular you'd like to see changed/added/fixed,
please file a corresponding feature request (or problem report if
it's a bug) with our tracker at http://tracker.icir.org.bro and set
the component to "Cluster Shell". I can't promise to get to
everything but I'd like to get an idea of what people find missing.
Robin Sommer * Phone +1 (510) 666-2886 * robin(a)icir.org
ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org