[Bro-Dev] [JIRA] (BIT-1528) SNMP and SIP scans show up in known services.

Vlad Grigorescu (JIRA) jira at bro-tracker.atlassian.net
Thu Mar 24 09:29:03 PDT 2016

    [ https://bro-tracker.atlassian.net/browse/BIT-1528?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=25201#comment-25201 ] 

Vlad Grigorescu commented on BIT-1528:

Completed in topic/vladg/bit-1528.

> SNMP and SIP scans show up in known services.
> ---------------------------------------------
>                 Key: BIT-1528
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1528
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: Bro
>    Affects Versions: 2.4
>            Reporter: Justin Azoff
>            Assignee: Vlad Grigorescu
>             Fix For: 2.5
> It appears that single packet SIP and SNMP scans cause the destination host to end up in known_services as running a SIP or SNMP service, even though they are not running that service and did not respond to the packet.

This message was sent by Atlassian JIRA

More information about the bro-dev mailing list