#947: Incorrect size calculation for SSH failed/successful heuristic ------------------------+--------------------- Reporter: grigorescu | Type: Problem Status: new | Priority: Low Milestone: Bro2.2 | Component: Bro Version: git/master | Keywords: ------------------------+--------------------- We're getting a lot of false positives for successful SSH logins from a source that we recently blackholed. I suspect what's happening is that the retransmissions keep bumping up the size of the connection, until it crosses the threshold for a "successful" connection.
With the changes from #730: Find and fix tcp sequence counting bugs, is it possible to improve the accuracy of the reported size? -- Ticket URL: <http://tracker.bro-ids.org/bro/ticket/947> Bro Tracker <http://tracker.bro-ids.org/bro> Bro Issue Tracker _______________________________________________ bro-dev mailing list [email protected] http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
