[Bro-Dev] Port flipping
balint.martina at gmail.com
Fri May 22 04:47:11 PDT 2015
I have a problem where a connection missing its SYN is not flipped
correctly, because the client happened to choose a port that Bro thinks is
a server port (IRC, 6666). What is confusing me is the special case in
NetSessions::WantConnection() that prevents the flip. Your comments are
about avoiding being confused by stealth scans, but I think that the flip
will happen in every case except when the client is unlucky enough to use a
“server” port number. Given that is most of the time, why have the special
case at all?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the bro-dev