[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bro
Subject:    Re: [Bro] IPS Functionality in BRO
From:       Vern Paxson <vern () icir ! org>
Date:       2006-08-02 6:00:06
Message-ID: 200608020600.k72606YF080654 () jaguar ! icir ! org
[Download RAW message or body]

> const terminate_successful_inbound_service: table[port] of string = {
>               [22/tcp] = "SSH",
> } &redef;
> 
> also i did change the ssh.bro to the following .
> 
> redef restrict_filters += { ["ssh"] = "port 22" };
> 
> But in vain , i could NOT prevent the ssh traffic.

Do you get any output?  Is the "rst" tool in your path and setuid root so
it can forge tear-down traffic?

		Vern

[prev in list] [next in list] [prev in thread] [next in thread]