Bro 0.6 and empty const values

Is there a way to
specify that the const value is empty where it is declared?

Yes, but in that case you have to specify a type for the variable,
too, since Bro can't infer it. So, for example:

  const ftp_servers: set[addr];

With the 0.7 release, there will be significantly smoother support
for defining things like the above and overriding them. For example,
you'll be able to do:

  const ftp_servers: set[addr] &redef; # &redef = it's okay to redefine


  const ftp_servers += {, };


  const ftp_servers += { };


  # Don't consider an FTP server for our particular
  # local policy.
  const ftp_servers -= { };

and at the end of this ftp_servers is initialized to {, }.

One more thing. I was unable to subscribe to this mailing list via responds with a "use unknown" reply. If
anyone knows why this is, I would appreciate the information.

The mailing list is now run by majordomo. To get on it, send a message to with the *body* "subscribe bro". If you found
stale information somewhere that said to try, please
let me know.



I wonder if there is a repository of attack signatures (e.g., for various
NetBIOS/SMB-based attacks) that can be added to Bro.
If not, maybe we should start one?

Thanks a lot