[ 
https://bro-tracker.atlassian.net/browse/BIT-1469?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=21931#comment-21931
 ] 

Seth Hall commented on BIT-1469:
--------------------------------

Does anyone have packets they can contribute that tickle this issue?  It would 
be nice to have an answer to Vlad's question on if these are packets that need 
to be reassembled.

> dpd.log contains lots of binpac exceptions for RDP
> --------------------------------------------------
>
>                 Key: BIT-1469
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1469
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: BinPAC, Bro
>    Affects Versions: git/master
>         Environment: RHEL  6.6, 2.4-10 bro build from git
>            Reporter: Gary Faulkner
>              Labels: analyzer
>             Fix For: 2.5
>
>         Attachments: rdp-31AUG15.pcap
>
>
> RDP scanners seem to generate a lot of binpac errors in dpd.log for RDP 
> connections.
> The following log line is an example of the error that repeats continuously 
> during the activity:
> 1441031469.413008     CPNcey4q2i8mGVUvEg      74.91.23.83     62082   10.10.81.207    3389    tcp     RDP     Binpac exception: binpac exception: out_of_bound: DT_Data:application_type: 3 > 2
> The 10.x.x.x IP is the redacted local IP. The other IP is the scanner.



--
This message was sent by Atlassian JIRA
(v7.0.0-OD-02-259#70102)
_______________________________________________
bro-dev mailing list
[email protected]
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
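
To size the problem described in the report, the sketch below tallies binpac out_of_bound failures in dpd.log per originator and parser field. It is an added example, not code from the ticket or from Bro; the function names and every sample row except the first (which is the line quoted in the report) are constructed, and the column order is that of Bro's default dpd.log.

```python
import re
from collections import Counter

# Column order of Bro's tab-separated dpd.log, matching the quoted line.
FIELDS = ["ts", "uid", "orig_h", "orig_p", "resp_h", "resp_p",
          "proto", "analyzer", "failure_reason"]

# binpac formats this exception as:
#   out_of_bound: <where>: <bytes needed> > <bytes given>
OOB = re.compile(r"out_of_bound: (?P<where>\S+): (?P<need>\d+) > (?P<have>\d+)")

def parse_dpd(lines):
    """Yield one dict per dpd.log record, skipping '#' header lines."""
    for line in lines:
        line = line.rstrip("\n")
        if not line or line.startswith("#"):
            continue
        parts = line.split("\t")
        if len(parts) == len(FIELDS):  # drop truncated or malformed rows
            yield dict(zip(FIELDS, parts))

def summarize(lines, analyzer="RDP"):
    """Count out_of_bound failures per (originator, field, needed, given)."""
    counts = Counter()
    for rec in parse_dpd(lines):
        if rec["analyzer"] != analyzer:
            continue
        m = OOB.search(rec["failure_reason"])
        if m:
            key = (rec["orig_h"], m["where"], int(m["need"]), int(m["have"]))
            counts[key] += 1
    return counts

REASON = ("Binpac exception: binpac exception: "
          "out_of_bound: DT_Data:application_type: 3 > 2")
SAMPLE = ["\t".join(row) for row in [
    ("#fields",) + tuple(FIELDS),
    # Row 1 is the line quoted in the report; the rest are constructed.
    ("1441031469.413008", "CPNcey4q2i8mGVUvEg", "74.91.23.83", "62082",
     "10.10.81.207", "3389", "tcp", "RDP", REASON),
    ("1441031470.000000", "Cconstructed00001", "74.91.23.83", "62083",
     "10.10.81.207", "3389", "tcp", "RDP", REASON),
    ("1441031471.000000", "Cconstructed00002", "192.0.2.10", "40000",
     "10.10.81.207", "3389", "tcp", "RDP", REASON),
    ("1441031472.000000", "Cconstructed00003", "192.0.2.10", "40001",
     "10.10.81.207", "443", "tcp", "SSL", "constructed non-binpac failure"),
]]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key, sep="\t")
```

A tally dominated by one field with the same needed/given byte counts, as in the quoted line, helps decide which connections to pull from a pcap when checking whether the payload was simply short or split across segments.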
