My name is Ji-Hoon Lee, and it is nice to meet you all.
I have an interest in detecting network threats and measuring the loss of bandwidth caused by them.
So I chose Bro to detect them. I've read the manual and installed Bro on my FreeBSD. It works well!!
I also ran tcpdump to record all packets on my local network for one day.
Today I fed the tcpdump file to Bro for analysis with the mt.bro policy file. Bro returns many weird logs and works well.
But when I run it with the mt.bro and worm.bro policy files, it produces a segmentation fault. Does the worm analyzer not work perfectly yet?
I have one more question. I want to add another virus/worm detection feature to Bro (like Klez or Lovegate).
But the manual is hard for me to follow for that job, so I'm looking for information that can help me. Where can I find it?
Thanks for reading my poor writing (sometimes I think I have to study English first of all --"), and I hope you all have a nice weekend.