[Bro] Protocol Violation with Google IPs

Diogo Corteletti de Oliveira diogo_c at brturbo.com.br
Fri Jan 25 05:47:37 PST 2008

Hello Guys,

                   Anyone is having ProtocolViolation alarms with Google 
IPs? Analizying the packet trace I've noticed that either GMAIL or 
Google Talk is alerting Protocol Violation for the HTTP Analyzer.

t=1201268671.707425 no=ProtocolViolation na=NOTICE_ALARM_ALWAYS 
sa=x.x.x.x sp=1233/tcp da= dp=80/tcp msg=x.x.x.x/1233\ >\\ analyzer\ HTTP\ disabled\ due\ to\ protocol\ 
violation sub=not\ a\ http\ reply\ line tag=@4792


More information about the Bro mailing list