[Bro-Dev] [JIRA] (BIT-1469) dpd.log contains lots of binpac exceptions for RDP
Seth Hall (JIRA)
jira at bro-tracker.atlassian.net
Fri Sep 4 04:56:00 PDT 2015
[ https://bro-tracker.atlassian.net/browse/BIT-1469?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=21931#comment-21931 ]
Seth Hall commented on BIT-1469:
--------------------------------
Does anyone have packets they can contribute that tickle this issue? It would be nice to have an answer to Vlad's question on if these are packets that need to be reassembled.
> dpd.log contains lots of binpac exceptions for RDP
> --------------------------------------------------
>
> Key: BIT-1469
> URL: https://bro-tracker.atlassian.net/browse/BIT-1469
> Project: Bro Issue Tracker
> Issue Type: Problem
> Components: BinPAC, Bro
> Affects Versions: git/master
> Environment: RHEL 6.6, 2.4-10 bro build from git
> Reporter: Gary Faulkner
> Labels: analyzer
> Fix For: 2.5
>
> Attachments: rdp-31AUG15.pcap
>
>
> RDP scanners seem to generate a lot of binpac errors in dpd.log for RDP connections.
> The following log line is an example of the error that repeats continuously during the activity:
> 1441031469.413008 CPNcey4q2i8mGVUvEg 74.91.23.83 62082 10.10.81.207 3389 tcp RDP Binpac exception: binpac exception: out_of_bound: DT_Data:application_type: 3 > 2
> The 10.x.x.x IP is the redacted local IP. The other IP is the scanner.
--
This message was sent by Atlassian JIRA
(v7.0.0-OD-02-259#70102)
More information about the bro-dev
mailing list