[Bro-Dev] #890: known-services hasty service detection
Bro Tracker
bro at tracker.bro-ids.org
Tue Oct 2 13:19:56 PDT 2012
#890: known-services hasty service detection
----------------------+------------------------
Reporter: jsiwek | Owner:
Type: Problem | Status: new
Priority: Normal | Milestone: Bro2.2
Component: Bro | Version: git/master
Resolution: | Keywords:
----------------------+------------------------
Comment (by jsiwek):
In [5f3af9e9ebd474f41d2c20d64cd6ac0a37f75782/bro]:
{{{
#!CommitTicketReference repository="bro"
revision="5f3af9e9ebd474f41d2c20d64cd6ac0a37f75782"
Add new Tunnel::delay_teredo_confirmation option, default to true.
This option indicates that the Teredo analyzer should wait until
it sees both sides of a connection using a valid Teredo encapsulation
before issuing a protocol_confirmation. Previous behavior confirmed
on the first instance of a valid encapsulation, which could result
in more false positives (and e.g. bogus entries in known-services.log).
Addresses #890.
}}}
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/890#comment:1>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker
More information about the bro-dev
mailing list