Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-08 09:38:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Disable the hook execution in the scan.bro script. It's not working like I expected.

Browse source
This commit is contained in:
Seth Hall 2012-12-18 01:31:52 -05:00
parent 69b7ce12d2
commit 7edef1f2c4
1 changed files with 4 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

6
scripts/policy/misc/scan.bro
View file

@ -148,10 +148,12 @@ function add_metrics(id: conn_id, reverse: bool)
#if ( |analyze_subnets| > 0 && host !in analyze_subnets )
# return F;
if ( hook Scan::addr_scan_policy(scanner, victim, scanned_port) )
# Hooks don't seem to be working like I expected. They'll have to wait a bit longer.
#if ( hook Scan::addr_scan_policy(scanner, victim, scanned_port) )
Metrics::add_data("scan.addr.fail", [$host=scanner, $str=cat(scanned_port)], [$str=cat(victim)]);
if ( hook Scan::port_scan_policy(scanner, victim, scanned_port) )
#if ( hook Scan::port_scan_policy(scanner, victim, scanned_port) )
Metrics::add_data("scan.port.fail", [$host=scanner, $str=cat(victim)], [$str=cat(scanned_port)]);
}