[Bro-Dev] [JIRA] (BIT-1469) dpd.log contains lots of binpac exceptions for RDP

Seth Hall (JIRA) jira at bro-tracker.atlassian.net
Fri Sep 4 04:56:00 PDT 2015

    [ https://bro-tracker.atlassian.net/browse/BIT-1469?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=21931#comment-21931 ] 

Seth Hall commented on BIT-1469:

Does anyone have packets they can contribute that tickle this issue?  It would be nice to have an answer to Vlad's question on if these are packets that need to be reassembled.

> dpd.log contains lots of binpac exceptions for RDP
> --------------------------------------------------
>                 Key: BIT-1469
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1469
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: BinPAC, Bro
>    Affects Versions: git/master
>         Environment: RHEL  6.6, 2.4-10 bro build from git
>            Reporter: Gary Faulkner
>              Labels: analyzer
>             Fix For: 2.5
>         Attachments: rdp-31AUG15.pcap
> RDP scanners seem to generate a lot of binpac errors in dpd.log for RDP connections.
> The following log line is an example of the error that repeats continuously during the activity:
> 1441031469.413008	CPNcey4q2i8mGVUvEg	62082	3389	tcp	RDP	Binpac exception: binpac exception: out_of_bound: DT_Data:application_type: 3 > 2
> The 10.x.x.x IP is the redacted local IP. The other IP is the scanner.

This message was sent by Atlassian JIRA

More information about the bro-dev mailing list