[ https://bro-tracker.atlassian.net/browse/BIT-1344?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=20109#comment-20109 ]
Vlad Grigorescu commented on BIT-1344:
--------------------------------------

{quote}
is there a reason why you do not register the analyzer to port 22 by default? If I am not mistaken, the old one and basically all other protocol analyzers register to their well-known ports by default and just fail if they cannot parse the protocol.
{quote}

This is something I've actually been moving away from. If I have a high level of confidence in the DPD signature, I'd rather rely on that, since I believe it will be more efficient than to try to attach the analyzer to all traffic on that port, and wait for a violation. This was based off some informal discussions with Seth, but I'm happy to throw it out to bro-dev and see what others think.

{quote}
currently some of the texts in different files still state that login success/failure is determined by heuristics. Should we leave that text in or is it safe if I remove it while merging?
{quote}

Ah, good catch. We should remove it - in the base script, I adopted an attitude of "if we don't know for certain, let's just tell the user that it's unknown" instead of implementing any heuristics. I can go through and remove it as well, if you'd like me to.

> New SSH Analyzer
> ----------------
>
>                 Key: BIT-1344
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1344
>             Project: Bro Issue Tracker
>          Issue Type: Improvement
>          Components: Bro
>    Affects Versions: 2.4
>            Reporter: Vlad Grigorescu
>            Assignee: Johanna Amann
>
> The SSH analyzer was rewritten from scratch in topic/vladg/ssh.
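
The trade-off discussed in the comment above, as an added example that is not part of the original message or of Bro's code: a Python comparison of port-based attachment against banner-signature attachment over a handful of constructed flows. The regex, the flow list and the function names are assumptions made for illustration, not Bro's shipped DPD signature.

```python
import re

# Assumed pattern for this example (not Bro's shipped signature): the RFC 4253
# identification string "SSH-protoversion-softwareversion" at stream start.
# RFC 4253 allows a server to send other lines first; those are not handled here.
SSH_BANNER = re.compile(rb"^SSH-(1\.[0-9]+|2\.0)-[\x21-\x7e]+(?: [^\r\n]*)?\r?\n")

# Constructed sample flows: (destination port, first payload bytes, really SSH?)
FLOWS = [
    (22,   b"SSH-2.0-OpenSSH_6.7\r\n",            True),
    (2222, b"SSH-2.0-dropbear_2014.66\r\n",       True),   # SSH on a non-standard port
    (22,   b"GET / HTTP/1.1\r\nHost: a\r\n\r\n",  False),  # non-SSH service on 22
    (443,  b"\x16\x03\x01\x00\xa5\x01\x00\x00",   False),  # TLS handshake bytes
    (22,   b"SSH-1.99-OpenSSH_5.3\n",             True),   # compatibility banner, bare LF
]

def attach_by_port(dport, payload):
    """Port registration: attach to everything on 22 and wait for a violation."""
    return dport == 22

def attach_by_signature(dport, payload):
    """Signature-driven: attach only when the first bytes look like an SSH banner."""
    return SSH_BANNER.match(payload) is not None

def evaluate(strategy, flows=FLOWS):
    """Count analyzers attached, attachments wasted on non-SSH, and SSH flows missed."""
    stats = {"attached": 0, "wasted": 0, "missed": 0}
    for dport, payload, is_ssh in flows:
        attached = strategy(dport, payload)
        stats["attached"] += attached
        stats["wasted"] += attached and not is_ssh
        stats["missed"] += is_ssh and not attached
    return stats

if __name__ == "__main__":
    print("port     :", evaluate(attach_by_port))
    print("signature:", evaluate(attach_by_signature))
```

On this sample both strategies attach three analyzers, but the port-based one spends one of them on HTTP traffic and never sees the SSH session on port 2222.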