[Bro-Dev] #890: known-services hasty service detection
Bro Tracker
bro at tracker.bro-ids.org
Tue Oct 2 13:26:52 PDT 2012
#890: known-services hasty service detection
----------------------------+------------------------
Reporter: jsiwek | Owner:
Type: Merge Request | Status: new
Priority: Normal | Milestone: Bro2.2
Component: Bro | Version: git/master
Resolution: | Keywords:
----------------------------+------------------------
Changes (by jsiwek):
* type: Problem => Merge Request
Comment:
> In this case, I think that the teredo analyzer is confirming the
> protocol too early.
It was confirming in a way consistent with the DNS analyzer (the other UDP
protocol logged in known-services), but I think a protocol_confirmation as
a result of a single valid Teredo encapsulation is a lot weaker than one
from a parseable DNS message, so it probably does make sense to change the
Teredo analyzer specifically.
Fix is in `topic/jsiwek/delay-teredo-confirm`
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/890#comment:2>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker