Hi
Can bro captures and analyzes the real network traffic but not copies, and so that we can stop
the instruction on the server.
Regards.
Hi,
starting with:
http://www.bro-ids.org/bro-workshop-2007/slides/Bro-IPS.pdf
Regards
Rmkml
That still doesn’t make Bro an IPS though. An IPS blocks
malicious traffic itself. Reconfiguring a nearby router after
the original malicious traffic went through doesn’t do any good
if the goal is to stop the initial malicious session. It is useful though…
especially for machines infected with worms that generate a lot of traffic.
Kyle
So, no, Bro does not provide inline capabilities at this point.
Robin