[Bro-Dev] #311: DPD mistakenly thinking HTTP is IRC

Bro Tracker bro at tracker.bro-ids.org
Mon Dec 12 10:09:33 PST 2011


#311: DPD mistakenly thinking HTTP is IRC
-----------------------------+--------------------
  Reporter:  vern            |      Owner:
      Type:  Problem         |     Status:  closed
  Priority:  Normal          |  Milestone:
 Component:  Bro             |    Version:
Resolution:  Solved/Applied  |   Keywords:
-----------------------------+--------------------

Comment (by seth):

 On Dec 12, 2011, at 11:26 AM, Gregor Maier wrote:

 > Note that we should still fix the IRC analyzer. The signatures should
 > just be a hint for the analyzer (to speed things up) and that the
 > analyzer can detect whether it's parsing the right protocol.

 Agreed.  I noted on the other ticket you filed that when we get around to
 reassessing DPD we make sure and fix the IRC analyzer since there
 definitely needs to be a way to detach it.  Doing it at script land might
 even be the right way to go though.

-- 
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/311#comment:7>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker


