From 7edef1f2c4d2e36008c3caa2f09d9ee3aa9a17ca Mon Sep 17 00:00:00 2001
From: Seth Hall <seth@icir.org>
Date: Tue, 18 Dec 2012 01:31:52 -0500
Subject: [PATCH] Disable the hook execution in the scan.bro script.  It's not
 working like I expected.

---
 scripts/policy/misc/scan.bro | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/scripts/policy/misc/scan.bro b/scripts/policy/misc/scan.bro
index a0228a7955..1def14d07e 100644
--- a/scripts/policy/misc/scan.bro
+++ b/scripts/policy/misc/scan.bro
@@ -148,10 +148,12 @@ function add_metrics(id: conn_id, reverse: bool)
 	#if ( |analyze_subnets| > 0 && host !in analyze_subnets )
 	#	return F;
 
-	if ( hook Scan::addr_scan_policy(scanner, victim, scanned_port) )
+	# Hooks don't seem to be working like I expected.  They'll have to wait a bit longer.
+	
+	#if ( hook Scan::addr_scan_policy(scanner, victim, scanned_port) )
 		Metrics::add_data("scan.addr.fail", [$host=scanner, $str=cat(scanned_port)], [$str=cat(victim)]);
 
-	if ( hook Scan::port_scan_policy(scanner, victim, scanned_port) )
+	#if ( hook Scan::port_scan_policy(scanner, victim, scanned_port) )
 		Metrics::add_data("scan.port.fail", [$host=scanner, $str=cat(victim)], [$str=cat(scanned_port)]);
 	}