
Bug #5751 » DNP3ReassemblyError.json

Alex Lasky, 12/12/2022 09:43 PM

 
{"timestamp":"2022-12-12T13:37:23.190531+1100","flow_id":261497258224512,"in_iface":"igc0","event_type":"alert","src_ip":"10.250.1.29","src_port":20000,"dest_ip":"10.250.246.149","dest_port":20413,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2270001,"rev":3,"signature":"SURICATA DNP3 Length too small","category":"Generic Protocol Command Decode","severity":3},"dnp3":{"request":{"type":"request","control":{"dir":true,"pri":true,"fcb":false,"fcv":false,"function_code":4},"src":5,"dst":50029,"application":{"control":{"fir":true,"fin":true,"con":false,"uns":false,"sequence":14},"function_code":1,"objects":[{"group":50,"variation":1,"qualifier":7,"prefix_code":0,"range_code":7,"start":0,"stop":0,"count":1,"points":[{"prefix":0,"index":0,"timestamp":6610961695292}]},{"group":60,"variation":4,"qualifier":6,"prefix_code":0,"range_code":6,"start":0,"stop":0,"count":0},{"group":60,"variation":1,"qualifier":6,"prefix_code":0,"range_code":6,"start":0,"stop":0,"count":0}],"complete":true}}},"app_proto":"dnp3","flow":{"pkts_toserver":7,"pkts_toclient":13,"bytes_toserver":474,"bytes_toclient":3633,"start":"2022-12-12T13:34:23.174976+1100"},"payload":"BWT/RAUAbcMSRwQAAB4BAYTDhsMBoLsNAAGTQKC7DQABAAEAAB4FARnEIcT/NwEAAMBBAQAAAAABAAAAAAGodgAAAAABAAAAAAEAAAAAAQA05wAAAAEAAAAAAQAAAAAeBQGlUnrmeuYBAACcQh4FAWHqY+pXnAEAAHhCAQAALEIBSOG6QR5LkQIBW+te6wEBAAEpAAFvLgHyNPcBHgUBmeuZ6wEAADBCHgV+IQH96/3rAQAAOEIeBQFh7GEm8OwBAAAAAB4FAcXsxewBAAAPGwAAHgUBKe0p7QEAAAAAKAPZ1QEAAAAAAQAAAAAoAwHqA+370wMBM7GeRgEAAAAAATOxnkZdnwEAAAAAKAMBAQQBBAEAAADbRgAoAQF55nnmAQDSKgVkCUQFAG3DdhqFAAAA4O0=","stream":1}
{"timestamp":"2022-12-12T15:57:23.036899+1100","flow_id":2025539106246239,"in_iface":"igc0","event_type":"alert","src_ip":"10.250.1.21","src_port":20000,"dest_ip":"10.250.246.149","dest_port":20322,"proto":"TCP","tx_id":633,"alert":{"action":"allowed","gid":1,"signature_id":2270001,"rev":3,"signature":"SURICATA DNP3 Length too small","category":"Generic Protocol Command Decode","severity":3},"dnp3":{"request":{"type":"request","control":{"dir":true,"pri":true,"fcb":false,"fcv":false,"function_code":4},"src":5,"dst":50021,"application":{"control":{"fir":true,"fin":true,"con":false,"uns":false,"sequence":13},"function_code":1,"objects":[{"group":60,"variation":2,"qualifier":6,"prefix_code":0,"range_code":6,"start":0,"stop":0,"count":0},{"group":60,"variation":3,"qualifier":6,"prefix_code":0,"range_code":6,"start":0,"stop":0,"count":0},{"group":60,"variation":4,"qualifier":6,"prefix_code":0,"range_code":6,"start":0,"stop":0,"count":0},{"group":60,"variation":1,"qualifier":6,"prefix_code":0,"range_code":6,"start":0,"stop":0,"count":0}],"complete":true}}},"app_proto":"dnp3","flow":{"pkts_toserver":2692,"pkts_toclient":4503,"bytes_toserver":176294,"bytes_toclient":1236969,"start":"2022-12-12T13:33:12.069215+1100"},"payload":"BWT/RAUAZcOGKA4BAAA4Qh4FASntKe0BAADloCxCKAMBAAAAAAEAAAAAKAMT8wHpA/YDAQAAcEIBAAAAAAHv9wAANEIBAADwQQEAAPBBAQCkaABwQgEAAAAAAQAANEIBAAA/y/BBAQAA8EEBAACAPwEAAPBVckIBiKMzQgEAAAAAKAMB+AMwDwMEAQAAAAABAAAAAAEAAIAXWD8BAAAAQAEAAIBAARSuA0HfwAEAACBBAY/CjUEBj8KNQQE0vXE9Cj8BcT0KPwEAAAAAKAOS+wEFBAYEAQAAQEEBAAAAACiUegMBCwQLBAGagV5HKAMBeQUjLn4FAU1yBkcBAAAAQQGaHrCyNkYBAABAQQG+Fow+ASgLAz+qWCgBAXnmeeYBAAAqxgVkCEQFAGXDBcCPAACwKw==","stream":1}