[Bro-Dev] [JIRA] (BIT-1411) SQL_Injection_Victim is a misleading name

Vern Paxson (JIRA) jira at bro-tracker.atlassian.net
Tue Sep 8 21:40:01 PDT 2015


    [ https://bro-tracker.atlassian.net/browse/BIT-1411?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=22013#comment-22013 ] 

Vern Paxson commented on BIT-1411:
----------------------------------

I fully agree with the rationale behind splitting it - just want the name to not imply that the attack has been successful.  So changing Victim to Target should do the trick.

(Also, FWIW, our paper on detecting distributed SSH bruteforcing [http://www.icir.org/vern/papers/dist-ssh-det.ccs13.pdf] might be useful fodder for thinking about the general problem of detecting attacks distributed across a bunch of sources.) 

> SQL_Injection_Victim is a misleading name
> -----------------------------------------
>
>                 Key: BIT-1411
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1411
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: Bro
>            Reporter: Vern Paxson
>
> I suggest changing the name of this notice to {{SQL_Injection_Target}}.  Having "victim" in the name implies to me that the attack succeeded, which is not what the associated logic is about.
> Indeed, I even wonder if this notice is useful.  The information should be directly available from {{SQL_Injection_Attacker}} notices (though it doesn't appear to be currently set up to provide this - why not?).


