[Bro-Dev] [JIRA] (BIT-1528) SNMP and SIP scans show up in known services.

Justin Azoff (JIRA) jira at bro-tracker.atlassian.net
Thu Jan 21 11:40:00 PST 2016


Justin Azoff created BIT-1528:
---------------------------------

             Summary: SNMP and SIP scans show up in known services.
                 Key: BIT-1528
                 URL: https://bro-tracker.atlassian.net/browse/BIT-1528
             Project: Bro Issue Tracker
          Issue Type: Problem
          Components: Bro
    Affects Versions: 2.4
            Reporter: Justin Azoff
            Assignee: Vlad Grigorescu
             Fix For: 2.5


It appears that single-packet SIP and SNMP scans cause the destination host to end up in known_services as running a SIP or SNMP service, even though they are not running that service and did not respond to the packet.



--
This message was sent by Atlassian JIRA
(v7.1.0-OD-05-006#71001)
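
One way to triage existing known_services entries for the condition reported above, as an added example (not code from the Bro project or the reporter): it reads a conn.log in Bro's tab-separated format and lists SIP/SNMP responders that never sent a packet back. The sample log is constructed, and the check assumes conn.log carries the same service label for these flows.

```python
from collections import defaultdict

# Constructed sample in Bro's tab-separated conn.log layout (subset of columns).
SAMPLE_CONN_LOG = (
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tconn_state\torig_pkts\tresp_pkts\n"
    "1453405200.0\tC1\t198.51.100.7\t5071\t192.0.2.10\t5060\tudp\tsip\tS0\t1\t0\n"
    "1453405201.0\tC2\t198.51.100.7\t40112\t192.0.2.11\t161\tudp\tsnmp\tS0\t1\t0\n"
    "1453405202.0\tC3\t192.0.2.50\t51000\t192.0.2.20\t161\tudp\tsnmp\tSF\t2\t2\n"
    "1453405203.0\tC4\t198.51.100.7\t40113\t192.0.2.20\t161\tudp\tsnmp\tS0\t1\t0\n"
)


def parse_conn_log(text):
    """Yield one dict per record, keyed by the names on the #fields line."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split("\t")))


def unanswered_services(text, services=("sip", "snmp")):
    """Return (host, port, proto, service) tuples whose responder never replied.

    A responder that answered at least one flow is treated as a real service,
    so scans aimed at a genuine server do not flag it.
    """
    answered = defaultdict(int)
    for rec in parse_conn_log(text):
        # conn.log may list several services for one flow, comma-separated.
        for svc in set(rec["service"].split(",")) & set(services):
            key = (rec["id.resp_h"], int(rec["id.resp_p"]), rec["proto"], svc)
            pkts = rec["resp_pkts"]  # "-" means the field was unset
            answered[key] += 1 if pkts.isdigit() and int(pkts) > 0 else 0
    return sorted(key for key, count in answered.items() if count == 0)


if __name__ == "__main__":
    for host, port, proto, svc in unanswered_services(SAMPLE_CONN_LOG):
        print(f"{host} {port}/{proto} {svc}: no responder packets seen")
```

Entries this returns are candidates to compare against known_services.log; 192.0.2.20 is not flagged because it answered one SNMP flow.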

