[Bro-Dev] [JIRA] (BIT-1138) UDP scan detection generates a large number of triggers
Aashish Sharma
asharma at lbl.gov
Tue Feb 18 15:38:20 PST 2014
I haven't got a chance to measure if the fix is effective or not yet. I have
started measuring the CPU spikes this week after putting in the fix for
scan_udp.bro. I should have some results in a couple of days.
Aashish
On Tue, Feb 18, 2014 at 2:19 PM, Jon Siwek (JIRA) <jira at bro-tracker.atlassian.net> wrote:
>
> [https://bro-tracker.atlassian.net/browse/BIT-1138?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15561#comment-15561]
>
> Jon Siwek commented on BIT-1138:
> --------------------------------
>
> This was from a custom script that Aashish was running, not something
> distributed w/ Bro?
>
> But yeah, I don't recall if we found out if the suggestions helped.
>
> > UDP scan detection generates a large number of triggers
> > -------------------------------------------------------
> >
> > Key: BIT-1138
> > URL: https://bro-tracker.atlassian.net/browse/BIT-1138
> > Project: Bro Issue Tracker
> > Issue Type: Problem
> > Components: Bro
> > Reporter: Robin Sommer
> > Fix For: 2.3
> >
> >
> > These triggers then cause high CPU load. We had a fix already but I'm
> > not sure if it has been confirmed that it solved the problem?
>
>
>