Document Details
Bro
Description: Bro is an open-source, Unix-based Network Intrusion Detection System (NIDS) that passively monitors network traffic and looks for suspicious activity. Bro detects intrusions by first parsing network traffic to extract its application-level semantics and then executing event-oriented analyzers that compare the activity with patterns deemed troublesome. Its analysis includes detection of specific attacks (including those defined by signatures, but also those defined in terms of events) and unusual activities (e.g., certain hosts connecting to certain services, or patterns of failed connection attempts).
Bro uses a specialized policy language that allows a site to tailor Bro's operation, both as site policies evolve and as new attacks are discovered. If Bro detects something of interest, it can be instructed to generate a log entry, alert the operator in real time, or execute an operating system command (e.g., to terminate a connection or block a malicious host on-the-fly). In addition, Bro's detailed log files can be particularly useful for forensics.
Bro targets high-speed (Gbps), high-volume intrusion detection. By judiciously leveraging packet-filtering techniques, Bro is able to achieve the necessary performance while running on commercially available PC hardware, and thus can serve as a cost-effective means of monitoring a site's Internet connection.
| Field | Value |
|---|---|
| Name | Bro |
| Keywords | |
| Filesize | 3.8 MB |
| Filetype | gz (Mime Type: application/x-compressed-tar) |
| Creator | Everybody |
| Created On | 09/19/2007 00:00 |
| Viewers | Everybody |
| Maintained by | Zinho |
| Hits | 40 Hits |
| Last updated on | 12/31/1969 16:00 |
| Homepage | |
| CRC Checksum | |
| MD5 Checksum | |