From fc4fb4d409c43af8b9bdbd9d0cf8d9b742408f26 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Wed, 7 Aug 2024 11:35:17 +0200 Subject: Fixed probing attempt risk that was creating false positives --- tests/cfgs/default/result/check_mk_new.pcap.out | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tests/cfgs/default/result/check_mk_new.pcap.out') diff --git a/tests/cfgs/default/result/check_mk_new.pcap.out b/tests/cfgs/default/result/check_mk_new.pcap.out index cce06ab6d..847a2402b 100644 --- a/tests/cfgs/default/result/check_mk_new.pcap.out +++ b/tests/cfgs/default/result/check_mk_new.pcap.out @@ -24,4 +24,4 @@ CHECKMK 98 20242 1 Acceptable 98 20242 1 - 1 TCP 192.168.100.22:58998 <-> 192.168.100.50:6556 [proto: 138/CHECKMK][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: DataTransfer/4][49 pkts/3242 bytes <-> 49 pkts/17000 bytes][Goodput ratio: 0/81][0.04 sec][bytes ratio: -0.680 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/0 4/4 1/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 66/347 74/4162 1/758][Risk: ** Probing attempt **][Risk Score: 50][Risk Info: TCP connection with unidirectional traffic][PLAIN TEXT (k@Version)][Plen Bins: 73,0,4,0,0,4,0,2,2,0,0,0,2,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,2,0,0,0,0,0,0,6] + 1 TCP 192.168.100.22:58998 <-> 192.168.100.50:6556 [proto: 138/CHECKMK][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: DataTransfer/4][49 pkts/3242 bytes <-> 49 pkts/17000 bytes][Goodput ratio: 0/81][0.04 sec][bytes ratio: -0.680 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/0 4/4 1/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 66/347 74/4162 1/758][PLAIN TEXT (k@Version)][Plen Bins: 73,0,4,0,0,4,0,2,2,0,0,0,2,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,2,0,0,0,0,0,0,6] -- cgit v1.2.3