[Bro] [bro] ssh connections.

Vlad Grigorescu vladg at illinois.edu
Thu Mar 17 10:40:22 PDT 2016


Yes. A good example of this is if SSH compression is enabled.

I would hope that auth_success is set to "-" and not set to the
incorrect T or F state, but it's possible that there's some
server/client combination out there that's throwing off the detection.
If you are seeing such cases, please send a PCAP and I can look at
improving the detection.

  --Vlad

Tim Desrochers <tgdesrochers at gmail.com> writes:

> Is it possible for someone to establish an SSH session but the bro log not to show “auth_success” as true?
>
> Thanks
> Tim
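Added example (not part of the original message and not code from the Bro project): a log reader that keeps auth_success as three states, so a session where the field is "-" is reported as undetermined instead of being counted as a failed login. The sample lines are constructed, use only a subset of the ssh.log columns, and assume the default tab separator.

```python
import io
from collections import Counter

# Constructed sample in Bro's tab-separated log layout (field subset, not real traffic).
SAMPLE_SSH_LOG = "\n".join([
    "#separator \\x09",
    "#unset_field\t-",
    "#path\tssh",
    "#fields\tts\tuid\tid.orig_h\tid.resp_h\tauth_success\tcompression_alg",
    "1458236422.1\tCaaa01\t192.0.2.10\t198.51.100.5\tT\tnone",
    "1458236430.7\tCaaa02\t192.0.2.11\t198.51.100.5\tF\tnone",
    "1458236441.3\tCaaa03\t192.0.2.12\t198.51.100.5\t-\tzlib@openssh.com",
]) + "\n"

def parse_ssh_log(stream):
    """Yield one dict per record, mapping auth_success to True, False or None."""
    fields, unset = [], "-"
    for line in stream:
        line = line.rstrip("\n")
        if not line:
            continue
        if line.startswith("#"):
            # Header lines carry the column names and the unset-field marker.
            key, _, rest = line[1:].partition("\t")
            if key == "fields":
                fields = rest.split("\t")
            elif key == "unset_field":
                unset = rest
            continue
        rec = dict(zip(fields, line.split("\t")))
        raw = rec.get("auth_success", unset)
        # Unset means the analyzer made no determination; it is not a failed login.
        rec["auth_success"] = None if raw == unset else raw == "T"
        yield rec

def summarize(records):
    """Count outcomes and collect uids of sessions whose auth result is unknown."""
    labels = {True: "success", False: "failure", None: "undetermined"}
    counts, undetermined = Counter(), []
    for rec in records:
        state = labels[rec["auth_success"]]
        counts[state] += 1
        if state == "undetermined":
            undetermined.append(rec["uid"])
    return counts, undetermined

if __name__ == "__main__":
    counts, unknown = summarize(parse_ssh_log(io.StringIO(SAMPLE_SSH_LOG)))
    print(dict(counts), unknown)
```

The uids returned for undetermined sessions can be looked up in conn.log to judge from duration and byte counts whether a session was actually established.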