path: root/security/bro/pkg-descr
blob: 3620bfe9b871a6b3f73ae489f5681f5f5485bf1d
Bro is an open-source, Unix-based Network Intrusion Detection System (NIDS)
that passively monitors network traffic and looks for suspicious activity.
Bro detects intrusions by first parsing network traffic to extract its
application-level semantics and then executing event-oriented analyzers that
compare the activity with patterns deemed troublesome. Its analysis includes
detection of specific attacks (including those defined by signatures, but
also those defined in terms of events) and unusual activities (e.g., certain
hosts connecting to certain services, or patterns of failed connection
attempts).

Bro is documented in the USENIX 1998 Security Conference proceedings.

-- Paul
   pauls@utdallas.edu

WWW: http://bro-ids.org/