pkg-descr

Bro is an open-source, Unix-based Network Intrusion Detection System (NIDS)
that passively monitors network traffic and looks for suspicious activity.
Bro detects intrusions by first parsing network traffic to extract its
application-level semantics and then executing event-oriented analyzers that
compare the activity with patterns deemed troublesome. Its analysis includes
detection of specific attacks (including those defined by signatures, but
also those defined in terms of events) and unusual activities (e.g., certain
hosts connecting to certain services, or patterns of failed connection
attempts).

Bro is documented in the USENIX 1998 Security Conference proceedings.

-- Paul
pauls@utdallas.edu

WWW: http://bro-ids.org/

pkg-plist

bin/adtrace
bin/bdcat
bin/binpac
bin/bro
bin/broccoli-config
bin/broconftest
bin/broconn
bin/broenum
bin/brohose
bin/broping
bin/cf
bin/hf
bin/nf
bin/pf
bin/rst
bro/etc/alert_scores
bro/etc/signature_scores
bro/etc/VERSION
bro/policy/OS-fingerprint.bro
bro/policy/adu.bro
bro/policy/alarm.bro
bro/policy/analy.bro
bro/policy/anon.bro
bro/policy/arp.bro
bro/policy/backdoor.bro
bro/policy/blaster.bro
bro/policy/bro.bif.bro
bro/policy/bro.init
bro/policy/brolite-backdoor.bro
bro/policy/brolite-sigs.bro
bro/policy/brolite.bro
bro/policy/capture-events.bro
bro/policy/checkpoint.bro
bro/policy/clear-passwords.bro
bro/policy/common-rw.bif.bro
bro/policy/conn-id.bro
bro/policy/conn.bro
bro/policy/const.bif.bro
bro/policy/contents.bro
bro/policy/cpu-adapt.bro
bro/policy/demux.bro
bro/policy/detect-protocols-http.bro
bro/policy/detect-protocols.bro
bro/policy/dns-anonymizer.bro
bro/policy/dns-info.bro
bro/policy/dns-lookup.bro
bro/policy/dns-rw.bif.bro
bro/policy/dns.bro
bro/policy/dpd.bro
bro/policy/drop-adapt.bro
bro/policy/dyn-disable.bro
bro/policy/event.bif.bro
bro/policy/file-flush.bro
bro/policy/finger-rw.bif.bro
bro/policy/finger.bro
bro/policy/firewall.bro
bro/policy/flag-irc.bro
bro/policy/flag-warez.bro
bro/policy/frag.bro
bro/policy/ftp-anonymizer.bro
bro/policy/ftp-cmd-arg.bro
bro/policy/ftp-reply-pattern.bro
bro/policy/ftp-rw.bif.bro
bro/policy/ftp-safe-words.bro
bro/policy/ftp.bro
bro/policy/gnutella.bro
bro/policy/hand-over.bro
bro/policy/heavy-analysis.bro
bro/policy/heavy.http.bro
bro/policy/heavy.irc.bro
bro/policy/heavy.scan.bro
bro/policy/heavy.software.bro
bro/policy/heavy.trw.bro
bro/policy/hot-ids.bro
bro/policy/hot.bro
bro/policy/http-abstract.bro
bro/policy/http-anon-server.bro
bro/policy/http-anon-useragent.bro
bro/policy/http-anon-utils.bro
bro/policy/http-anonymizer.bro
bro/policy/http-body.bro
bro/policy/http-entity.bro
bro/policy/http-event.bro
bro/policy/http-header.bro
bro/policy/http-reply.bro
bro/policy/http-request.bro
bro/policy/http-rewriter.bro
bro/policy/http-rw.bif.bro
bro/policy/http.bro
bro/policy/icmp.bro
bro/policy/ident-rewriter.bro
bro/policy/ident-rw.bif.bro
bro/policy/ident.bro
bro/policy/inactivity.bro
bro/policy/interconn.bro
bro/policy/irc-bot.bro
bro/policy/irc.bro
bro/policy/large-conns.bro
bro/policy/listen-clear.bro
bro/policy/listen-ssl.bro
bro/policy/load-level.bro
bro/policy/load-sample.bro
bro/policy/log-append.bro
bro/policy/login.bro
bro/policy/mime-pop.bro
bro/policy/mime.bro
bro/policy/mt.bro
bro/policy/netstats.bro
bro/policy/nfs.bro
bro/policy/notice-action-filters.bro
bro/policy/notice-policy.bro
bro/policy/notice.bro
bro/policy/ntp.bro
bro/policy/passwords.bro
bro/policy/pcap.bro
bro/policy/peer-status.bro
bro/policy/pkt-profile.bro
bro/policy/pop3.bro
bro/policy/port-name.bro
bro/policy/portmapper.bro
bro/policy/print-filter.bro
bro/policy/print-globals.bro
bro/policy/print-resources.bro
bro/policy/print-sig-states.bro
bro/policy/profiling.bro
bro/policy/proxy.bro
bro/policy/remote-pcap.bro
bro/policy/remote-ping.bro
bro/policy/remote-print.bro
bro/policy/remote-report-notices.bro
bro/policy/remote-send-id.bro
bro/policy/remote.bro
bro/policy/rotate-logs.bro
bro/policy/rsh.bro
bro/policy/scan.bro
bro/policy/secondary-filter.bro
bro/policy/sensor-sshd.bro
bro/policy/server-ports.bro
bro/policy/service-probe.bro
bro/policy/sig-action.bro
bro/policy/sig-addendum.sig
bro/policy/sig-functions.bro
bro/policy/signatures.bro
bro/policy/sigs/dpd.sig
bro/policy/sigs/ex.web-rules.sig
bro/policy/sigs/p0fsyn.osf
bro/policy/sigs/snort-default.sig
bro/policy/sigs/ssl-worm.sig
bro/policy/sigs/worm.sig
bro/policy/site.bro
bro/policy/smtp-relay.bro
bro/policy/smtp-rewriter.bro
bro/policy/smtp-rw.bif.bro
bro/policy/smtp.bro
bro/policy/snort.bro
bro/policy/software.bro
bro/policy/ssh-stepping.bro
bro/policy/ssh.bro
bro/policy/ssl-alerts.bro
bro/policy/ssl-ciphers.bro
bro/policy/ssl-errors.bro
bro/policy/ssl-worm.bro
bro/policy/ssl.bro
bro/policy/stats.bro
bro/policy/stepping.bro
bro/policy/strings.bif.bro
bro/policy/synflood.bro
bro/policy/tcp.bro
bro/policy/tftp.bro
bro/policy/trw-impl.bro
bro/policy/trw.bro
bro/policy/udp-common.bro
bro/policy/udp.bro
bro/policy/vlan.bro
bro/policy/weird.bro
bro/policy/worm.bro
bro/scripts/bro-logchk.pl
bro/scripts/bro.rc
bro/scripts/bro.rc-hooks.sh
bro/scripts/bro_config
bro/scripts/bro_log_compress.sh
bro/scripts/edit-brorule.pl
bro/scripts/frontend-mail-reports.sh
bro/scripts/frontend-site-report.sh
bro/scripts/host-grep
bro/scripts/host-to-addrs
bro/scripts/localnetMAC.pl
bro/scripts/mail_notice.sh
bro/scripts/mvlog
bro/scripts/push_logs.sh
bro/scripts/site-report.pl
@unexec if cmp -s %D/bro/site/local.site.bro.default %D/bro/site/local.site.bro; then rm -f %D/bro/site/local.site.bro; fi
bro/site/local.site.bro.default
bro/site/signatures.sig
@unexec if cmp -s %D/etc/bro.cfg.sample %D/etc/bro.cfg; then rm -f %D/etc/bro.cfg; fi
etc/bro.cfg.example
etc/broccoli.conf
include/broccoli.h
share/broccoli/broconn.bro
share/broccoli/broenum.bro
share/broccoli/brohose.bro
share/broccoli/broping-record.bro
share/broccoli/broping.bro
share/gtk-doc/html/broccoli/a2850.html
share/gtk-doc/html/broccoli/api.html
share/gtk-doc/html/broccoli/broccoli-broccoli.html
share/gtk-doc/html/broccoli/c21.html
share/gtk-doc/html/broccoli/c55.html
share/gtk-doc/html/broccoli/c85.html
share/gtk-doc/html/broccoli/images/caution.gif
share/gtk-doc/html/broccoli/images/logo.jpg
share/gtk-doc/html/broccoli/images/note.gif
share/gtk-doc/html/broccoli/images/warning.gif
share/gtk-doc/html/broccoli/index.html
share/gtk-doc/html/broccoli/stylesheet.css
share/libbroccoli.a
share/libbroccoli.la
share/libbroccoli.so
share/libbroccoli.so.0
@unexec if [ -f %D/%%DOCSDIR%%/bro-deployment.pdf ]; then rm -f %D/%%DOCSDIR%%/bro-deployment.pdf; fi
@unexec if [ -f %D/%%DOCSDIR%%/Bro-quick-start.pdf ]; then rm -f %D/%%DOCSDIR%%/Bro-quick-start.pdf; fi
@unexec if [ -f %D/%%DOCSDIR%%/Bro-user-manual.pdf ]; then rm -f %D/%%DOCSDIR%%/Bro-user-manual.pdf; fi
@dirrmtry %%DOCSDIR%%
@dirrm share/gtk-doc/html/broccoli/images
@dirrm share/gtk-doc/html/broccoli
@dirrmtry share/gtk-doc/html
@dirrmtry share/gtk-doc
@dirrm share/broccoli
@dirrmtry bro/var
@dirrmtry bro/site
@dirrmtry bro/scripts
@dirrmtry bro/reports
@dirrmtry bro/policy/sigs
@dirrmtry bro/policy
@dirrmtry bro/logs
@dirrmtry bro/etc
@dirrmtry bro/archive
@dirrmtry bro