Bro and ICMP

Several of us in the Cyber Security group at BBN are beginning to explore Bro for use in one of our projects. Currently, we're thinking of using it to monitor ICMP traffic. I've noticed that in the reference manual there's a not-filled-in entry on an ICMP analyzer and in the source code there's an ICMP analysis script and what appears to be an analyzer in the source code. Is there active work going on in detecting ICMP irregularities using Bro? Is there any interest in contributions to Bro of some ICMP sensors we've begun working on?

Thanks,
Dan Wyschogrod

> Several of us in the Cyber Security group at BBN are beginning to explore Bro for use in one of our projects.

Cool!

> Is there active work going on in detecting ICMP irregularities using Bro?

Not too actively, but I'm deep in the midst of a complete shipped-scripts rewrite. I have a new ICMP script mostly done, but I was a little lost about where to go with it. Any clues would be greatly appreciated.

> Is there any interest in contributions to Bro of some ICMP sensors we've begun working on?

Absolutely.

  .Seth