Bro includes two important active response capabilities that allow sites to use Bro for intrusion prevention, and not just intrusion detection. These include the ability to terminate a connection known to be an instrusion, and the ability to update a blocking router's access control list (ACL) to block attacking hosts.