Fixed probing attempt risk that was creating false positives

2026-04-30 16:09:43 +00:00 · 2024-08-07 11:35:17 +02:00 · 2024-08-07 11:35:17 +02:00 · fc4fb4d409
commit fc4fb4d409
parent 653175e724
211 changed files with 3841 additions and 3850 deletions
--- a/tests/cfgs/default/result/ssh_unidirectional.pcap.out
+++ b/tests/cfgs/default/result/ssh_unidirectional.pcap.out
@ -24,4 +24,4 @@ SSH	13	938	1

 Acceptable                      13 938           1            

-	1	TCP 192.168.2.198:50306 <-> 192.168.2.1:22 [proto: 92/SSH][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 13][cat: RemoteAccess/12][7 pkts/476 bytes <-> 6 pkts/462 bytes][Goodput ratio: 0/13][0.55 sec][Hostname/SNI: SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u7][bytes ratio: 0.015 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 109/182 321/324 136/135][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/77 78/105 4/14][Risk: ** Probing attempt **][Risk Score: 50][Risk Info: SSH Probing][Plen Bins: 66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	1	TCP 192.168.2.198:50306 <-> 192.168.2.1:22 [proto: 92/SSH][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 13][cat: RemoteAccess/12][7 pkts/476 bytes <-> 6 pkts/462 bytes][Goodput ratio: 0/13][0.55 sec][Hostname/SNI: SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u7][bytes ratio: 0.015 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 109/182 321/324 136/135][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/77 78/105 4/14][Plen Bins: 66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]