[Bro-Dev] [JIRA] (BIT-1090) fatal error Val::CONVERTER
tyler.schoenke (JIRA)
jira at bro-tracker.atlassian.net
Thu Oct 31 08:06:03 PDT 2013
[ https://bro-tracker.atlassian.net/browse/BIT-1090?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14505#comment-14505 ]
tyler.schoenke commented on BIT-1090:
-------------------------------------
Hi Seth,
I think you missed the part below where I said I modified the data structure to be a set of subnets. Devices connecting to gihub has been firing the alert. Since github has multiple IP ranges, I needed a set of subnets in order to effectively whitelist. Once this is working, I think this change would be a good enhancement request for the existing detect-bruteforcing script.
Tyler
> fatal error Val::CONVERTER
> --------------------------
>
> Key: BIT-1090
> URL: https://bro-tracker.atlassian.net/browse/BIT-1090
> Project: Bro Issue Tracker
> Issue Type: Problem
> Components: Bro
> Affects Versions: 2.1
> Environment: Ubuntu 10.04.03 LTS, bro 2.1-179
> Reporter: tyler.schoenke
> Attachments: my-detect-bruteforcing.bro, sigsup-ssh-pass2.bro
>
>
> Hi guys,
> I get the following message when I modified a data structure in detect-bruteforcing.bro. I didn't get a chance to test against the current version, but did a quick check against the mailing lists and tracker and didn't see this issue mentioned.
> $ bro my-detect-bruteforcing.bro sigsup-ssh-pass2.bro
> fatal error in ./sigsup-ssh-pass2.bro, line 2: Val::CONVERTER (types/table) (10.0.0.1/32)
> Here is the modification to detect-bruteforcing.bro:
> const ignore_guessers: table[subnet] of set[subnet] = {} &redef;
> I found the need to whitelist from a single host to multiple subnets instead of a single subnet. The following minimal script will produce the error.
> cat sigsup-ssh-pass2.bro
> redef SSH::ignore_guessers = {
> [172.0.0.0/16] = set( 10.0.0.1/32 )
> };
> Any help would be appreciated.
> Thanks,
> Tyler
--
This message was sent by Atlassian JIRA
(v6.2-OD-01#6204)
More information about the bro-dev
mailing list