Blocking packets

Hi all,

Can Bro block packets or part of traffic, in addition to logging? Or is this something that needs to be configured on an aggregator or tap? I apologize if this is a very simple topic, as I’m a Bro noob.

Best regards,

Daniel Manzo

Hello Daniel,

To interact with the traffic on your network, e.g. by installing blocking
rules into your hardware, you can use the NetControl framework, which is
part of our current development version and will be part of 2.5.
Documentation is available at
https://www.bro.org/sphinx-git/frameworks/netcontrol.html and
https://github.com/bro/bro-netcontrol

Apart from that, Bro by itself cannot block traffic; it depends on
outside hardware or software to do that, but it can be used to push rules
out depending on the traffic that you see.

I hope that helps,
Johanna
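
The reply above describes pushing rules out based on observed traffic. As an added example (not part of the original thread and not the project's own code), this Bro script asks NetControl to drop a source address once the stock SSH brute-force detection raises a notice. It assumes the NetControl API of the 2.5 development version; the guess limit and the 60-minute block duration are illustrative values, and the debug plugin used here only logs the rules it would install, so a backend plugin that talks to your hardware or software has to replace it before anything is actually blocked.

```bro
# Added example: assumes Bro 2.5 (or the development version) with NetControl.
@load protocols/ssh/detect-bruteforcing

# Illustrative threshold: failed logins from one host before a notice is raised.
redef SSH::password_guesses_limit = 10;

event NetControl::init()
	{
	# The debug plugin accepts every rule and only logs it; nothing is
	# blocked on the network. Activate a real backend plugin here instead
	# once one is configured for your environment.
	local debug_plugin = NetControl::create_debug(T);
	NetControl::activate(debug_plugin, 0);
	}

hook Notice::policy(n: Notice::Info)
	{
	# React only to the SSH password-guessing notice, and only when the
	# notice carries a source address to act on.
	if ( n$note == SSH::Password_Guessing && n?$src )
		{
		# Ask the active backend to drop all traffic from the offending
		# host for 60 minutes; NetControl removes the rule afterwards.
		NetControl::drop_address(n$src, 60min);
		}
	}
```

With the debug plugin active, the rules that would have been installed show up in netcontrol.log, which lets you review what would be blocked before connecting a real backend.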