[Bro-Dev] #890: known-services hasty service detection

Bro Tracker bro at tracker.bro-ids.org
Tue Oct 2 13:26:52 PDT 2012

#890: known-services hasty service detection
  Reporter:  jsiwek         |      Owner:
      Type:  Merge Request  |     Status:  new
  Priority:  Normal         |  Milestone:  Bro2.2
 Component:  Bro            |    Version:  git/master
Resolution:                 |   Keywords:
Changes (by jsiwek):

 * type:  Problem => Merge Request


 > In this case, I think that the teredo analyzer is confirming the
 > protocol too early.

 It was confirming in a way consistent with the DNS analyzer (the other UDP
 protocol logged in known-services), but I think a protocol_confirmation as
 a result of a single valid Teredo encapsulation is a lot weaker than one
 from a parseable DNS message so it probably does make sense to change the
 Teredo analyzer specifically.

 Fix is in `topic/jsiwek/delay-teredo-confirm`

Ticket URL: <http://tracker.bro-ids.org/bro/ticket/890#comment:2>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker
