conn.py: handle checking binetflow icmp flows for telnet traffic

AlyaGomaa · AlyaGomaa · commit be788bd5e960 · 2024-12-12T01:03:49.000+02:00
diff --git a/modules/flowalerts/conn.py b/modules/flowalerts/conn.py
@@ -201,8 +201,14 @@ def check_unknown_port(self, profileid, twid, flow):
             return True
 
     def is_telnet(self, flow) -> bool:
+        try:
+            dport = int(flow.dport)
+        except ValueError:
+            # binetflow icmp ports are hex strings
+            return False
+
         telnet_ports = (23, 2323)
-        return int(flow.dport) in telnet_ports and flow.proto.lower() == "tcp"
+        return dport in telnet_ports and flow.proto.lower() == "tcp"
 
     def check_multiple_telnet_reconnection_attempts(
         self, profileid, twid, flow
