diff --git a/scripts/policy/protocols/conn/known-hosts.bro b/scripts/policy/protocols/conn/known-hosts.bro
index 74da528007..fb18e0e598 100644
--- a/scripts/policy/protocols/conn/known-hosts.bro
+++ b/scripts/policy/protocols/conn/known-hosts.bro
@@ -43,7 +43,10 @@ event connection_established(c: connection) &priority=5
 for ( host in set(id$orig_h, id$resp_h) )
 {
- if ( host !in known_hosts && addr_matches_host(host, host_tracking) )
+ if ( host !in known_hosts &&
+ c$orig$state == TCP_ESTABLISHED &&
+ c$resp$state == TCP_ESTABLISHED &&
+ addr_matches_host(host, host_tracking) )
 {
 add known_hosts[host];
 Log::write(Known::HOSTS_LOG, [$ts=network_time(), $host=host]);
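Review bot: The two added state checks in the `if` inside the `for` loop depend only on `c`, not on `host`, so they are evaluated once per endpoint, and nothing explains why a handler named `connection_established` needs them. A comment such as `# Require a handshake seen from both sides, so a one-sided or spoofed reply cannot add an address to known_hosts.` would record the intent; that reading is inferred from the check itself, so confirm it against the event's documentation. The test could also be hoisted above the loop as `if ( c$orig$state != TCP_ESTABLISHED || c$resp$state != TCP_ESTABLISHED ) return;`, provided nothing after the loop must still run, since the handler's body begins and ends outside this hunk. It is also worth documenting that hosts seen only through one-sided captures, or through connections already open when monitoring started, will presumably no longer reach `Known::HOSTS_LOG`, so anyone using that log as an asset inventory knows about the gap.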