[Bro-Dev] [JIRA] (BIT-1090) fatal error Val::CONVERTER

tyler.schoenke (JIRA) jira at bro-tracker.atlassian.net
Thu Oct 31 08:06:03 PDT 2013

    [ https://bro-tracker.atlassian.net/browse/BIT-1090?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14505#comment-14505 ] 

tyler.schoenke commented on BIT-1090:

Hi Seth,

I think you missed the part below where I said I modified the data structure to be a set of subnets.   Devices connecting to gihub has been firing the alert.  Since github has multiple IP ranges, I needed a set of subnets in order to effectively whitelist.  Once this is working, I think this change would be a good enhancement request for the existing detect-bruteforcing script.


> fatal error Val::CONVERTER
> --------------------------
>                 Key: BIT-1090
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1090
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: Bro
>    Affects Versions: 2.1
>         Environment: Ubuntu 10.04.03 LTS, bro 2.1-179
>            Reporter: tyler.schoenke
>         Attachments: my-detect-bruteforcing.bro, sigsup-ssh-pass2.bro
> Hi guys,
> I get the following message when I modified a data structure in detect-bruteforcing.bro.  I didn't get a chance to test against the current version, but did a quick check against the mailing lists and tracker and didn't see this issue mentioned.
> $ bro  my-detect-bruteforcing.bro sigsup-ssh-pass2.bro
> fatal error in ./sigsup-ssh-pass2.bro, line 2: Val::CONVERTER (types/table) (
> Here is the modification to detect-bruteforcing.bro:
> 	const ignore_guessers: table[subnet] of set[subnet] = {} &redef;
> I found the need to whitelist from a single host to multiple subnets instead of a single subnet.  The following minimal script will produce the error.
> cat sigsup-ssh-pass2.bro
> redef SSH::ignore_guessers = {
> 	[] = set( )
> };
> Any help would be appreciated.
> Thanks,
> Tyler

This message was sent by Atlassian JIRA

More information about the bro-dev mailing list