Skip to content

Instantly share code, notes, and snippets.

@JustinAzoff

JustinAzoff/addr_scan_policy.bro

Created May 4, 2016 15:53
Show Gist options
  • Save JustinAzoff/6fc117ee3f790d4d99817bc939881ba2 to your computer and use it in GitHub Desktop.
Save JustinAzoff/6fc117ee3f790d4d99817bc939881ba2 to your computer and use it in GitHub Desktop.
Download ZIP
addr_scan_policy example
Raw
addr_scan_policy.bro
export {
const scan_ports: set[port] = {22/tcp,3389/tcp} &redef;
}
hook Scan::addr_scan_policy(scanner: addr, victim: addr, scanned_port: port)
{
if(scanned_port !in scan_ports)
break;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment