[Bro] Question on quick start documentation SSH:Login example.

Seth Hall seth at icir.org
Wed Aug 6 21:26:55 PDT 2014

On Aug 6, 2014, at 5:35 PM, Siwek, Jon <jsiwek at illinois.edu> wrote:

> The “undetermined” is saying it doesn’t even have a guess as to whether the ssh log in failed or was successful so either type of analysis you’ve tried so far won’t notice anything interesting happening because they’re only concerned about ssh logins with a status of “success” or “failure". 

This is where I twist Vlad's arm hard to finish his work on his rewritten SSH analyzer so that we can get rid of my crummy success determiner for SSH connections.  His new one appears to do a greatly improved job at determining success and failure for logins.


Seth Hall
International Computer Science Institute
(Bro) because everyone has a network

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20140807/adf4625e/attachment.bin 

More information about the Bro mailing list