I would like to propose a new event in Bro, one that would fire when a UDP connection is established (i.e. a response is observed within some time frame after a request is seen). Basically, the UDP equivalent of connection_established.
Currently, I think the only way to do this would be either with new_connection or with udp_reply. Neither of these seem like great solutions, as they'd require keeping state in script-land, and most of the events wouldn't be useful. Does anyone have thoughts about this? Thanks, --Vlad
_______________________________________________ bro-dev mailing list [email protected] http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
