From a119247dd3e56dc42b7689595ba53f2a590f3e02 Mon Sep 17 00:00:00 2001 From: Vlad Grigorescu Date: Thu, 19 Mar 2015 21:43:44 -0400 Subject: [PATCH] SSH: Ignore encrypted packets by default. --- scripts/base/protocols/ssh/main.bro | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/base/protocols/ssh/main.bro b/scripts/base/protocols/ssh/main.bro index 08f5eef38e..57f53a7125 100644 --- a/scripts/base/protocols/ssh/main.bro +++ b/scripts/base/protocols/ssh/main.bro @@ -49,8 +49,8 @@ export { ## If true, we tell the event engine to not look at further data ## packets after the initial SSH handshake. Helps with performance ## (especially with large file transfers) but precludes some - ## kinds of analyses. - const skip_processing_after_detection = F &redef; + ## kinds of analyses. Defaults to T. + const skip_processing_after_detection = T &redef; ## Event that can be handled to access the SSH record as it is sent on ## to the logging framework.