Very long "named_pipe" in dce_rpc.log
BIT-1702
Broctl cron fails when run from crontab on BSD systems
BIT-1687
ssh_auth_failed raised multiple times in single connection
BIT-1641
Flare problem
BIT-1626
Broctl plugins in Bro plugins
BIT-1551
Val::CONVERTER Fatal Error - Sumstats Related
BIT-1346
Nessus scans cause bro to crash
BIT-1948
The plugin build system makes packaging bro difficult
BIT-1922
Buffer size warning from a compiler in string functions
BIT-1921
network_time() sometimes returns wall time if suspend_processing() and continue_processing() is used.
BIT-1861
different file hash between downloaded file by ANALYZER_EXTRACT with original file
BIT-1832
bro modbus parser bug
BIT-1829
Myricom plugin causes broctl to fail
BIT-1805
Please merge topic/johanna/gcc-6.2.1
BIT-1732
Please merge topic/johanna/freebsd-clang
BIT-1728
broctl fails to record bro port for standalone node
BIT-1726
Python 3 compatibility
BIT-1711
Python 3 compatibility
BIT-1710
missing uid field in SMB1 script
BIT-1688
Plugins that use a Net.h will not compile (missing openssl includes)
BIT-1654
Incorrect types for SYN_packet record
BIT-1650
broctl writes broctl-config.sh directly which causes consistency issues
BIT-1634
Logging node in cluster configuration
BIT-1627
Cluster stall with the use of opaque of cardinality
BIT-1612
Best way to configure BRO IDS 2.4.1 to capture from a Quad port Network card
BIT-1610
bro crashes at startup with broker disabled
BIT-1587
broker (bro 2.4.1) fails to build against Python 3.{3,4,5}
BIT-1554
capture loss and notice of `Conn::Content_Gap` are too many
BIT-1538
Hey Hi can someone help me? I need some tutorials about lunching attacks and after lunching attack how to detect it
BIT-1494
several tests are broken in scripts/policy/protocols/ssl
BIT-1467
tx_hosts and rx_hosts switched in files.log
BIT-1410
Logs disappearing on broctl restart
BIT-1396
Crash due to a bad dictionary insert
BIT-1345
IP_Hdr pointer do not propagate from udp to child analyzers via DeliverPacket method causing a segfault
BIT-1298
PktSrc rewrite introduces packet drops
BIT-1266
subinterface defns for dnacluster:21@x interfaces in lb_pf_ring.py not reset
BIT-1188
Memory Allocation bug in cq.c
BIT-1164
Logs disappearing after bro termination
BIT-1126
will not start
BIT-1111
BRO_DISABLE_BROXYGEN env variable not working
BIT-1110
/topic/jsiwek/misc-fixes
BIT-1105
Memory leak in Bro Intel framework
BIT-1103
Memory leak in sumstats (probably)
BIT-1058
HTTP bogus events
BIT-1022
Uninitialized memory error in optimized mode
BIT-1004
topic/dnthayer/cleanup3
BIT-998
CPU pinning
BIT-996
Bro core leak caused by sumstats framework
BIT-987
Deep typing bug
BIT-983
broctl stop/restart eating logs?
BIT-970
issue 1 of 1985

Very long "named_pipe" in dce_rpc.log

Description

Something in the DCE_RPC analyzer is failing and it's parsing some field incorrectly. This is leading to users seeing extremely long values in the "named_pipe" field in their dce_rpc.log which makes the log excessively large.

This is an issue in the beta that needs fixed before the 2.5 release. At this time we're actively soliciting testers for a PCAP that replicates the problem so we can get this fixed ASAP.

Environment

None

Assignee

Seth Hall

Reporter

Seth Hall

Labels

None

External issue ID

None

Components

Fix versions

Affects versions

Priority

Critical
Configure