[Bro] issues with binpac and bro 253

erik clark philosnef at gmail.com
Fri May 25 09:35:41 PDT 2018


{"ts":1526476092.155226,"uid":"CLBfQGYsYuPPYghW6","id.orig_h":"10.171.248.5","id.orig_p":59860,"id.resp_h":"10.171.3.35","id.resp_p":5901,"proto":"tcp","analyzer":"RFB","failure_reason":"Binpac exception: binpac exception: out_of_bound: RFBVNCAuthenticationResponse:response: 16 > 4"}
{"ts":1526902777.802284,"uid":"CRbgOr2vlXZquGHbC4","id.orig_h":"10.171.253.5","id.orig_p":51389,"id.resp_h":"209.208.26.64","id.resp_p":1883,"proto":"tcp","analyzer":"MQTT","failure_reason":"Binpac exception: binpac exception: out_of_bound: MQTT_string:str: 258 > 2"}
{"ts":1526385277.166233,"uid":"Cp5ewt2gFK34Hk2vSg","id.orig_h":"128.154.164.150","id.orig_p":59357,"id.resp_h":"10.171.253.18","id.resp_p":22,"proto":"tcp","analyzer":"SSH","failure_reason":"Binpac exception: binpac exception: out_of_bound: SSH2_KEXINIT: -82 > 30"}
{"ts":1526385276.305273,"uid":"CEv2fC11PlksxaS5Tf","id.orig_h":"128.154.164.150","id.orig_p":59356,"id.resp_h":"10.171.253.15","id.resp_p":22,"proto":"tcp","analyzer":"SSH","failure_reason":"Binpac exception: binpac exception: out_of_bound: SSH2_KEXINIT:cookie: 16 > 4"}
{"ts":1526385714.957199,"uid":"CKBKhA2vqPokc34a43","id.orig_h":"128.154.164.150","id.orig_p":59463,"id.resp_h":"10.171.253.6","id.resp_p":22,"proto":"tcp","analyzer":"SSH","failure_reason":"Binpac exception: binpac exception: out_of_bound: SSH2_KEXINIT: -154 > 30"}


The SSH analyzer and RFB analyzer are both throwing binpac exceptions;
so is the newly converted MQTT plugin that Seth built. Why are these
failing? I do not have pcap. I would like to know why the SSH analyzer
specifically would be failing. This is a new install of Bro and we do not
have an old version on this network to compare dpd logs on. Thanks!
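
Added example, not part of the original post and not Bro project code: a small triage script that groups binpac out_of_bound failures from a JSON dpd.log by analyzer and field, and separates negative values such as the SSH2_KEXINIT ones from the rest. It assumes the two numbers in the message are bytes needed and bytes available; the names `needed`, `given`, `parse_oob` and `summarize` are hypothetical.

```python
import json
import re
from collections import Counter

# Assumed layout: "out_of_bound: <where>: <needed> > <given>", read off the
# dpd.log lines in the post; "needed"/"given" are hypothetical names.
OOB_RE = re.compile(r"out_of_bound: (?P<where>.+): (?P<needed>-?\d+) > (?P<given>-?\d+)$")

# Constructed sample records, trimmed to the fields used here and modelled
# on the failure_reason strings quoted in the post.
SAMPLE_DPD = """\
{"analyzer":"RFB","failure_reason":"Binpac exception: binpac exception: out_of_bound: RFBVNCAuthenticationResponse:response: 16 > 4"}
{"analyzer":"MQTT","failure_reason":"Binpac exception: binpac exception: out_of_bound: MQTT_string:str: 258 > 2"}
{"analyzer":"SSH","failure_reason":"Binpac exception: binpac exception: out_of_bound: SSH2_KEXINIT: -82 > 30"}
{"analyzer":"SSH","failure_reason":"Binpac exception: binpac exception: out_of_bound: SSH2_KEXINIT:cookie: 16 > 4"}
{"analyzer":"SSH","failure_reason":"Binpac exception: binpac exception: out_of_bound: SSH2_KEXINIT: -154 > 30"}
{"analyzer":"HTTP","failure_reason":"not a http reply line"}
"""

def parse_oob(record):
    """Return details of an out_of_bound failure, or None for other reasons."""
    if not isinstance(record, dict):
        return None
    m = OOB_RE.search(record.get("failure_reason", ""))
    if not m:
        return None
    needed, given = int(m["needed"]), int(m["given"])
    # A negative first number cannot be a real byte count, so report it
    # separately from the case where more bytes were wanted than present.
    kind = "negative_length" if needed < 0 else "short_buffer"
    return {"analyzer": record.get("analyzer"), "where": m["where"],
            "needed": needed, "given": given, "kind": kind}

def summarize(lines):
    """Count out_of_bound failures per (analyzer, where, kind)."""
    counts = Counter()
    for line in lines:
        try:
            hit = parse_oob(json.loads(line))
        except json.JSONDecodeError:
            continue  # blank or wrapped/incomplete line, not a full record
        if hit:
            counts[(hit["analyzer"], hit["where"], hit["kind"])] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_DPD.splitlines()).most_common():
        print(n, *key)
```
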