Reduce false positives

ilyaglow · Apr 20, 2019 · de7d376 · de7d376
1 parent d494319
commit de7d376
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 0 deletions.
diff --git a/masscan.go b/masscan.go
@@ -19,6 +19,10 @@ func MasscanIdentifier(p gopacket.Packet) []string {
 		return nil
 	}
 
+	if tcp.SYN == false {
+		return nil
+	}
+
 	ipUint := binary.BigEndian.Uint32(ip4.DstIP)
 	want := ipUint ^ uint32(tcp.DstPort) ^ tcp.Seq
 

diff --git a/mirai.go b/mirai.go
@@ -20,6 +20,10 @@ func MiraiIdentifier(p gopacket.Packet) []string {
 		return nil
 	}
 
+	if tcp.SYN == false {
+		return nil
+	}
+
 	if binary.BigEndian.Uint32(ip4.DstIP) != tcp.Seq {
 		return nil
 	}