
rename dataset/test1-normal.nfdump to be malicious, it's not benign. #1896

@AlyaGomaa

Description

  • Port 902/TCP is SSH on that IP.
  • Since the source ports change, these are different connections. Since they change increasingly, this is repetition and automated.
  • Since the size is ~60 bytes, these are not established connections, nor connections that put the password correctly, so they are attempts to connect to SSH and brute-force the password.
  • The weird connections to 22/TCP are from the internet and also not with good passwords (too small).
  • DNS is OK.
  • Summary: this is an SSH brute force. So it is malicious or suspicious.

Be sure to update the documentation and the file name.
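The flow-level reasoning in the issue (same SSH destination port, source ports that keep increasing, ~60-byte flows that never completed a login) can be turned into a small detection heuristic. The following is an added example written for this page; it is not Slips code and does not read the nfdump binary format. Input rows are constructed in a simple CSV layout, the `Flow` class, the `SSH_PORTS` set (with 902/TCP assumed to be SSH as the issue states), and the thresholds `MIN_ATTEMPTS` and `MAX_BYTES_PER_FLOW` are all assumptions for illustration. Unlike the dataset described above, the sample also includes one large 22/TCP flow so the contrast with an established session is visible.

```python
"""Flow-level heuristic for SSH brute-force attempts (added example, not Slips code).

Implements the reasoning from the issue: flows to an SSH port from one source,
many distinct source ports that increase monotonically (a new automated
connection each time), and tiny byte counts (no login ever succeeded).
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

# Assumption from the issue: 902/TCP is SSH on the dataset host; 22/TCP is standard.
SSH_PORTS = {22, 902}
MIN_ATTEMPTS = 5          # distinct connections before calling it brute force (tunable)
MAX_BYTES_PER_FLOW = 100  # ~60-byte flows never completed an SSH login


@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    nbytes: int


def parse_flows(lines: Iterable[str]) -> List[Flow]:
    """Parse 'src_ip,src_port,dst_ip,dst_port,proto,bytes' rows; skip blanks and comments."""
    flows = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src_ip, sport, dst_ip, dport, proto, nbytes = line.split(",")
        flows.append(Flow(src_ip, int(sport), dst_ip, int(dport), proto.upper(), int(nbytes)))
    return flows


def is_increasing(values: List[int]) -> bool:
    """True when every value is strictly greater than the previous one."""
    return all(b > a for a, b in zip(values, values[1:]))


def classify_ssh(flows: Iterable[Flow]) -> Dict[Tuple[str, str, int], str]:
    """Return a verdict per (src_ip, dst_ip, dst_port) for TCP flows to SSH ports.

    Verdicts: 'ssh-established' (at least one flow large enough to be a session),
    'ssh-bruteforce' (many small flows with increasing source ports), or
    'ssh-failed-attempts' (small flows, but too few or not ordered to assert automation).
    Non-SSH traffic such as DNS is ignored, matching the issue's 'DNS is OK'.
    """
    groups: Dict[Tuple[str, str, int], List[Flow]] = defaultdict(list)
    for f in flows:  # flows are expected in arrival order
        if f.proto == "TCP" and f.dst_port in SSH_PORTS:
            groups[(f.src_ip, f.dst_ip, f.dst_port)].append(f)
    verdicts: Dict[Tuple[str, str, int], str] = {}
    for key, group in groups.items():
        sports = [f.src_port for f in group]
        all_small = all(f.nbytes <= MAX_BYTES_PER_FLOW for f in group)
        if not all_small:
            verdicts[key] = "ssh-established"
        elif len(set(sports)) >= MIN_ATTEMPTS and is_increasing(sports):
            verdicts[key] = "ssh-bruteforce"
        else:
            verdicts[key] = "ssh-failed-attempts"
    return verdicts


# Constructed sample flows (not taken from the dataset); rows are in arrival order.
SAMPLE_FLOWS = """
# src_ip,src_port,dst_ip,dst_port,proto,bytes
10.0.0.5,40001,192.168.1.10,902,TCP,60
10.0.0.5,40002,192.168.1.10,902,TCP,62
10.0.0.5,40003,192.168.1.10,902,TCP,60
10.0.0.5,40004,192.168.1.10,902,TCP,58
10.0.0.5,40005,192.168.1.10,902,TCP,60
10.0.0.5,40006,192.168.1.10,902,TCP,60
10.0.0.7,51234,192.168.1.10,22,TCP,15400
192.168.1.10,53011,8.8.8.8,53,UDP,120
"""


def run_sample() -> Dict[Tuple[str, str, int], str]:
    """Classify the constructed sample; used by the __main__ block below."""
    return classify_ssh(parse_flows(SAMPLE_FLOWS.splitlines()))


if __name__ == "__main__":
    for (src, dst, dport), verdict in run_sample().items():
        print(f"{src} -> {dst}:{dport}/TCP  {verdict}")
```

The thresholds are deliberately conservative: a handful of small flows from one client is reported as failed attempts rather than brute force, and the verdict only escalates when the source-port sequence shows the automated, one-connection-per-try pattern the issue describes.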

Metadata

Assignees: No one assigned
Labels: Better-tests (An issue that is related to how we test Slips: unit tests, integration tests, CI)
Type: No type
Projects / Status: Todo
Milestone: No milestone
Relationships: None yet
Development: No branches or pull requests