[Bro-Dev] #890: known-services hasty service detection
Bro Tracker
bro at tracker.bro-ids.org
Wed Oct 3 16:00:28 PDT 2012
#890: known-services hasty service detection
----------------------------+------------------------
Reporter: jsiwek | Owner:
Type: Merge Request | Status: new
Priority: Normal | Milestone: Bro2.2
Component: Bro | Version: git/master
Resolution: | Keywords:
----------------------------+------------------------
Comment (by robin):
On Wed, Oct 03, 2012 at 20:34 -0000, you wrote:
> Kind of what I was going for was that both the latest packet from orig
and
> latest packet from resp are valid teredo encapsulations, which I
thought
> was a stronger indication that it's actually teredo than just somewhere
in
> the connection one packet from orig and one packet from resp happened
to
> have a valid teredo encapsulation. Do you think that's a good idea or
no?
I see. Yeah, sounds like it should work in this case (it's just an
uncommon idiom, that's why I stubled across it.)
--
Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org
ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/890#comment:6>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker
More information about the bro-dev
mailing list