weird.log message from bro


olive

Sep 1, 2018, 6:36:30 PM
to security-onion
Hello everybody,
I am doing a test in the detection of attacks with Bro. Sometimes I have these messages in the weird.log. I want to know what they mean and what can be the cause of these messages.
Please, I want to know what those mean:
dns_unmatched_msg
bad_TCP_checksum
truncated_tcp_payload
TCP_ack_underflow_or_misorder
inappropriate_FIN
dns_unmatched_reply
above_hole_data_without_any_acks
window_recision


Thanks

Wes Lambert

Sep 4, 2018, 8:39:36 AM
to securit...@googlegroups.com
Hi Olive,

Most of the time, the description is self-explanatory.

I would recommend you read through the Bro documentation and through the mailing list (and even google various concepts) to gain a better understanding of what Bro might be looking for/alerting on in these cases.

Ex.



Thanks,
Wes
