[ https://bro-tracker.atlassian.net/browse/BIT-947?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=20232#comment-20232 ]
Robin Sommer commented on BIT-947: ---------------------------------- Should be fixed with new SSH code. > Incorrect size calculation for SSH failed/successful heuristic > -------------------------------------------------------------- > > Key: BIT-947 > URL: https://bro-tracker.atlassian.net/browse/BIT-947 > Project: Bro Issue Tracker > Issue Type: Problem > Components: Bro > Affects Versions: git/master > Reporter: Vlad Grigorescu > Priority: Low > Fix For: 2.4 > > > We're getting a lot of false positives for successful SSH logins from a > source that we recently blackholed. I suspect what's happening is that the > retransmissions keep bumping up the size of the connection, until it crosses > the threshold for a "successful" connection. > With the changes from BIT-730: Find and fix tcp sequence counting bugs, is it > possible to improve the accuracy of the reported size? -- This message was sent by Atlassian JIRA (v6.4-OD-16-006#64014) _______________________________________________ bro-dev mailing list bro-dev@bro.org http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev