[Bro-Dev] #285: unsolicited SYN|ACK leads to Event(connection_established) in TCP.cc
Bro Tracker
bro-dev at bro-ids.org
Wed Sep 29 22:53:05 PDT 2010
#285: unsolicited SYN|ACK leads to Event(connection_established) in TCP.cc
--------------------------------+-------------------------------------------
Reporter: hartley.87@… | Type: Problem
Status: new | Priority: Normal
Component: Bro | Version: 1.5.1
Keywords: |
--------------------------------+-------------------------------------------
Comment(by hartley.87@…):
I bet scheduling an event which checks for the existence of the connection
a short time after connection_established
would "fix" this -- maybe not an error in TCP.cc, but rather in the bro
script which acts on it?
But http://www.bro-ids.org/wiki/index.php/User_Manual:_Customizing_Bro in
"Writing New Policy" refutes that idea
pretty well.
--
Ticket URL: <http://tracker.icir.org/bro/ticket/285#comment:2>
Bro Tracker <http://tracker.icir.org/bro>
Bro Issue Tracker
More information about the bro-dev
mailing list