Fatema BW
Recently saw some malicious traffic with an invalid TFO (TCP Fast Open) cookie length of 2 bytes. This traffic was picked up by a Suricata alert for "TCP options invalid length"....
Recently we saw some legitimate connections from a client using source port 6669 connecting to a web server on port 80. Zeek missed the initial SYN from the client and...
Ported scripts to run in Zeek 3.0 using the Broker communication framework, and removed some old communication framework functions such as `get_event_peer()` and `get_local_event_peer()`.