[
https://bro-tracker.atlassian.net/browse/BIT-947?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=20232#comment-20232
]
Robin Sommer commented on BIT-947:
----------------------------------
Should be fixed with new SSH code.
> Incorrect size calculation for SSH failed/successful heuristic
> --------------------------------------------------------------
>
> Key: BIT-947
> URL: https://bro-tracker.atlassian.net/browse/BIT-947
> Project: Bro Issue Tracker
> Issue Type: Problem
> Components: Bro
> Affects Versions: git/master
> Reporter: Vlad Grigorescu
> Priority: Low
> Fix For: 2.4
>
>
> We're getting a lot of false positives for successful SSH logins from a
> source that we recently blackholed. I suspect what's happening is that the
> retransmissions keep bumping up the size of the connection, until it crosses
> the threshold for a "successful" connection.
> With the changes from BIT-730: Find and fix tcp sequence counting bugs, is it
> possible to improve the accuracy of the reported size?
--
This message was sent by Atlassian JIRA
(v6.4-OD-16-006#64014)
_______________________________________________
bro-dev mailing list
[email protected]
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
