Bro Digest, Vol 122, Issue 6

Hi Giorgio,

As I recall, Bro only provides tap mode so far; I haven’t heard of using Bro in inline mode, or I might be wrong.
So Bro really can’t block anything in your traffic; you need to use external scripts to perform the trick for you.
One of the possible solutions, as far as I can think off the top of my head, is to block the source IP from which the file is being transferred,
because I think once Bro logs the file details in the log file, the transfer has already happened, so I think you can’t block the file transfer in transit. Or there might be ways that I am not familiar with.
Can you share your script?
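
One way to build the external script suggested in the reply above, as an added example that is not part of the original message or of the Bro project: it reads a `files.log`, finds transfers whose hash is on a denylist, and emits block rules for the sending addresses. Assumptions: the denylist is keyed on the `sha1` column, `10.0.0.0/8` is the local network that must never be blocked, `iptables`/`ip6tables` is the enforcement point, and the sample log is constructed and trimmed to a few columns.

```python
import ipaddress

# Constructed sample in Bro's TSV log layout; hashes and addresses are made up.
BAD = "a" * 40
SAMPLE_FILES_LOG = "\n".join([
    "#separator \\x09",
    "#path\tfiles",
    "#fields\tts\tfuid\ttx_hosts\trx_hosts\tmime_type\tsha1",
    "1500000000.1\tFaaa\t203.0.113.7\t10.0.0.5\tapplication/x-dosexec\t" + BAD,
    "1500000001.2\tFbbb\t198.51.100.9\t10.0.0.6\ttext/html\t-",
    "1500000002.3\tFccc\t203.0.113.7,2001:db8::1\t10.0.0.8\tapplication/zip\t" + BAD,
    "1500000003.4\tFddd\tnot-an-ip\t10.0.0.9\tapplication/zip\t" + BAD,
    "1500000004.5\tFeee\t10.0.0.20\t10.0.0.9\tapplication/zip\t" + BAD,
])

def senders_to_block(log_text, bad_hashes, hash_field="sha1",
                     local_nets=("10.0.0.0/8",)):
    """Return sender IPs (as strings, first-seen order) of denylisted files."""
    nets = [ipaddress.ip_network(n) for n in local_nets]
    fields, hits = None, []
    for line in log_text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]      # column names come from the log
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        row = dict(zip(fields, line.split("\t")))
        if row.get(hash_field, "-").lower() not in bad_hashes:
            continue
        for host in row.get("tx_hosts", "").split(","):   # set-valued column
            try:
                ip = ipaddress.ip_address(host)
            except ValueError:
                continue      # never pass unparsed log text to a firewall
            if any(ip in net for net in nets):
                continue      # do not block our own hosts
            if str(ip) not in hits:
                hits.append(str(ip))
    return hits

def render_rules(ips):
    """Turn validated addresses into drop rules (assumed enforcement: iptables)."""
    rules = []
    for ip in ips:
        tool = "ip6tables" if ipaddress.ip_address(ip).version == 6 else "iptables"
        rules.append(f"{tool} -I FORWARD -s {ip} -j DROP")
    return rules

if __name__ == "__main__":
    print("\n".join(render_rules(senders_to_block(SAMPLE_FILES_LOG, {BAD}))))
```

The rules only affect later connections from those senders, since the logged transfer has already completed by the time the row is written.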