Bro 0.6 and empty const values

Is there a way to
specify that the const value is empty where it is declared?

Yes, but in that case you have to specify a type for the variable,
too, since Bro can't infer it. So, for example:

  const ftp_servers: set[addr];

With the 0.7 release, there will be significantly smoother support
for defining things like the above and overriding them. For example,
you'll be able to do:

  const ftp_servers: set[addr] &redef; # &redef = it's okay to redefine

  ...

  const ftp_servers += { webfarm.myorg.org, webfarm2.myorg.org };

  ...

  const ftp_servers += { departmental.ftp.myorg.org };

  ...

  # Don't consider webfarm.myorg.org an FTP server for our particular
  # local policy.
  const ftp_servers -= { webfarm.myorg.org };

and at the end of this ftp_servers is initialized to { webfarm2.myorg.org,
departmental.ftp.myorg.org }.

One more thing. I was unable to subscribe to this mailing list via
bro-subscribe@lbl.gov. lbl.gov responds with a "use unknown" reply. If
anyone knows why this is, I would appreciate the information.

The mailing list is now run by majordomo. To get on it, send a message to
majordomo@listserv.lbl.gov with the *body* "subscribe bro". If you found
stale information somewhere that said to try bro-subscribe@llb.gov, please
let me know.

    Vern

Hi!

I wonder if there is a repository of attack signatures (e.g., for various
NetBIOS/SMB-based attacks) that can be added to Bro.
If not, maybe we should start one?

Thanks a lot
Genie