[Bro-Dev] #890: known-services hasty service detection
Bro Tracker
bro at tracker.bro-ids.org
Wed Oct 3 13:34:26 PDT 2012
#890: known-services hasty service detection
----------------------------+------------------------
Reporter: jsiwek | Owner:
Type: Merge Request | Status: new
Priority: Normal | Milestone: Bro2.2
Component: Bro | Version: git/master
Resolution: | Keywords:
----------------------------+------------------------
Comment (by jsiwek):
Replying to [comment:3 robin]:
> Question about the code: {{{Teredo_Analyzer::DeliverPacket()}}} clears
> the {{{valid_orig/valid_resp}}} flags with every packet. Is that indeed
> the intent? What I'd expect is that once one is set, it stays so for the
> remainder of the connection?
Kind of what I was going for was that both the latest packet from orig and
latest packet from resp are valid teredo encapsulations, which I thought
was a stronger indication that it's actually teredo than just somewhere in
the connection one packet from orig and one packet from resp happened to
have a valid teredo encapsulation. Do you think that's a good idea or no?
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/890#comment:4>
Bro Tracker <http://tracker.bro-ids.org/bro>
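
The two confirmation policies discussed in this exchange, compared side by side as an added example that is not Bro's code and not part of the original thread. `Pkt`, `Policy`, `confirm_index` and the sample builders are hypothetical names, the packet sequences are constructed, and the per-direction flag update is an assumption based on the reply's description.

```cpp
#include <cstddef>
#include <vector>

// Hypothetical stand-in for one packet of a UDP connection: which side
// sent it and whether it parsed as a valid Teredo encapsulation.
struct Pkt { bool from_orig; bool valid_teredo; };

enum class Policy {
    Sticky,        // once a direction has produced a valid packet, the flag stays set
    LatestPacket   // the flag reflects only the newest packet from that direction
};

// Index of the packet at which the connection would be confirmed as
// Teredo (both direction flags true), or -1 if that never happens.
int confirm_index(const std::vector<Pkt>& pkts, Policy policy) {
    bool valid_orig = false, valid_resp = false;
    for (std::size_t i = 0; i < pkts.size(); ++i) {
        const Pkt& p = pkts[i];
        bool& flag = p.from_orig ? valid_orig : valid_resp;
        if (policy == Policy::LatestPacket)
            flag = p.valid_teredo;           // a later invalid packet withdraws the flag
        else
            flag = flag || p.valid_teredo;   // never cleared
        if (valid_orig && valid_resp)
            return static_cast<int>(i);
    }
    return -1;
}

// Constructed sample: arbitrary UDP traffic where one packet per side
// happens to parse as Teredo, but never back to back.
std::vector<Pkt> sample_coincidental() {
    return { {true, true}, {false, false}, {true, false}, {false, true} };
}

// Constructed sample: a real tunnel, every packet is a valid encapsulation.
std::vector<Pkt> sample_genuine() {
    return { {true, true}, {false, true}, {true, true}, {false, true} };
}
```

On the coincidental sequence the sticky policy confirms at the fourth packet while the latest-packet policy never confirms; on the genuine sequence both confirm at the second packet.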