[Bro-Dev] #890: known-services hasty service detection
Bro Tracker
bro at tracker.bro-ids.org
Mon Oct 1 13:43:01 PDT 2012
#890: known-services hasty service detection
----------------------+------------------------
Reporter: jsiwek | Owner:
Type: Problem | Status: new
Priority: Normal | Milestone: Bro2.2
Component: Bro | Version: git/master
Resolution: | Keywords:
----------------------+------------------------
Comment (by seth):
> Bill Jones was specifically having trouble with Teredo. From the mailing
> list "I don't think TEREDO is working correctly. It is filling up the
> known_services.log with entries for local host ports that I know are
> closed just because there was a TEREDO packet sent to that port."
In this case, I think that the teredo analyzer is confirming the protocol
too early. Eventually we are going to have to address the subtleties in
protocol confirmation and protocol violation, though; they don't feel
expressive enough yet.
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/890#comment:0>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker