[Bro-Dev] [JIRA] (BIT-1444) Connection logging for ESP

Seth Hall (JIRA) Fri, 04 Sep 2015 11:45:05 -0700

    [ 
https://bro-tracker.atlassian.net/browse/BIT-1444?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=21960#comment-21960
 ]


Seth Hall commented on BIT-1444:
--------------------------------

Let's get some packet captures attached to this ticket.  That going to be the 
best way to support this.

We will look into supporting a mechanism where we can report how much 
unsupported traffic is seen until we support the IPSec protocols.

> Connection logging for ESP
> --------------------------
>
>                 Key: BIT-1444
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1444
>             Project: Bro Issue Tracker
>          Issue Type: New Feature
>          Components: Bro
>            Reporter: Jimmy Jones
>            Assignee: Vlad Grigorescu
>            Priority: Low
>
> I'd like to be able to track ESP (IPSec) connections in conn.log. Although 
> ESP is encrypted, the ability to track volumes and pattern of life etc would 
> be beneficial when doing intrusion analysis.



--
This message was sent by Atlassian JIRA
(v7.0.0-OD-02-259#70102)

_______________________________________________
bro-dev mailing list
[email protected]
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev

[Bro-Dev] [JIRA] (BIT-1444) Connection logging for ESP

Reply via email to