Bug #5751
» DNP3ReassemblyError.json
Alex Lasky
, 12/12/2022 09:43 PM
{
"timestamp"
:
"2022-12-12T13:37:23.190531+1100"
,
"flow_id"
:
261497258224512
,
"in_iface"
:
"igc0"
,
"event_type"
:
"alert"
,
"src_ip"
:
"10.250.1.29"
,
"src_port"
:
20000
,
"dest_ip"
:
"10.250.246.149"
,
"dest_port"
:
20413
,
"proto"
:
"TCP"
,
"tx_id"
:
1
,
"alert"
:{
"action"
:
"allowed"
,
"gid"
:
1
,
"signature_id"
:
2270001
,
"rev"
:
3
,
"signature"
:
"SURICATA DNP3 Length too small"
,
"category"
:
"Generic Protocol Command Decode"
,
"severity"
:
3
},
"dnp3"
:{
"request"
:{
"type"
:
"request"
,
"control"
:{
"dir"
:
true
,
"pri"
:
true
,
"fcb"
:
false
,
"fcv"
:
false
,
"function_code"
:
4
},
"src"
:
5
,
"dst"
:
50029
,
"application"
:{
"control"
:{
"fir"
:
true
,
"fin"
:
true
,
"con"
:
false
,
"uns"
:
false
,
"sequence"
:
14
},
"function_code"
:
1
,
"objects"
:[{
"group"
:
50
,
"variation"
:
1
,
"qualifier"
:
7
,
"prefix_code"
:
0
,
"range_code"
:
7
,
"start"
:
0
,
"stop"
:
0
,
"count"
:
1
,
"points"
:[{
"prefix"
:
0
,
"index"
:
0
,
"timestamp"
:
6610961695292
}]},{
"group"
:
60
,
"variation"
:
4
,
"qualifier"
:
6
,
"prefix_code"
:
0
,
"range_code"
:
6
,
"start"
:
0
,
"stop"
:
0
,
"count"
:
0
},{
"group"
:
60
,
"variation"
:
1
,
"qualifier"
:
6
,
"prefix_code"
:
0
,
"range_code"
:
6
,
"start"
:
0
,
"stop"
:
0
,
"count"
:
0
}],
"complete"
:
true
}}},
"app_proto"
:
"dnp3"
,
"flow"
:{
"pkts_toserver"
:
7
,
"pkts_toclient"
:
13
,
"bytes_toserver"
:
474
,
"bytes_toclient"
:
3633
,
"start"
:
"2022-12-12T13:34:23.174976+1100"
},
"payload"
:
"BWT/RAUAbcMSRwQAAB4BAYTDhsMBoLsNAAGTQKC7DQABAAEAAB4FARnEIcT/NwEAAMBBAQAAAAABAAAAAAGodgAAAAABAAAAAAEAAAAAAQA05wAAAAEAAAAAAQAAAAAeBQGlUnrmeuYBAACcQh4FAWHqY+pXnAEAAHhCAQAALEIBSOG6QR5LkQIBW+te6wEBAAEpAAFvLgHyNPcBHgUBmeuZ6wEAADBCHgV+IQH96/3rAQAAOEIeBQFh7GEm8OwBAAAAAB4FAcXsxewBAAAPGwAAHgUBKe0p7QEAAAAAKAPZ1QEAAAAAAQAAAAAoAwHqA+370wMBM7GeRgEAAAAAATOxnkZdnwEAAAAAKAMBAQQBBAEAAADbRgAoAQF55nnmAQDSKgVkCUQFAG3DdhqFAAAA4O0="
,
"stream"
:
1
}
{
"timestamp"
:
"2022-12-12T15:57:23.036899+1100"
,
"flow_id"
:
2025539106246239
,
"in_iface"
:
"igc0"
,
"event_type"
:
"alert"
,
"src_ip"
:
"10.250.1.21"
,
"src_port"
:
20000
,
"dest_ip"
:
"10.250.246.149"
,
"dest_port"
:
20322
,
"proto"
:
"TCP"
,
"tx_id"
:
633
,
"alert"
:{
"action"
:
"allowed"
,
"gid"
:
1
,
"signature_id"
:
2270001
,
"rev"
:
3
,
"signature"
:
"SURICATA DNP3 Length too small"
,
"category"
:
"Generic Protocol Command Decode"
,
"severity"
:
3
},
"dnp3"
:{
"request"
:{
"type"
:
"request"
,
"control"
:{
"dir"
:
true
,
"pri"
:
true
,
"fcb"
:
false
,
"fcv"
:
false
,
"function_code"
:
4
},
"src"
:
5
,
"dst"
:
50021
,
"application"
:{
"control"
:{
"fir"
:
true
,
"fin"
:
true
,
"con"
:
false
,
"uns"
:
false
,
"sequence"
:
13
},
"function_code"
:
1
,
"objects"
:[{
"group"
:
60
,
"variation"
:
2
,
"qualifier"
:
6
,
"prefix_code"
:
0
,
"range_code"
:
6
,
"start"
:
0
,
"stop"
:
0
,
"count"
:
0
},{
"group"
:
60
,
"variation"
:
3
,
"qualifier"
:
6
,
"prefix_code"
:
0
,
"range_code"
:
6
,
"start"
:
0
,
"stop"
:
0
,
"count"
:
0
},{
"group"
:
60
,
"variation"
:
4
,
"qualifier"
:
6
,
"prefix_code"
:
0
,
"range_code"
:
6
,
"start"
:
0
,
"stop"
:
0
,
"count"
:
0
},{
"group"
:
60
,
"variation"
:
1
,
"qualifier"
:
6
,
"prefix_code"
:
0
,
"range_code"
:
6
,
"start"
:
0
,
"stop"
:
0
,
"count"
:
0
}],
"complete"
:
true
}}},
"app_proto"
:
"dnp3"
,
"flow"
:{
"pkts_toserver"
:
2692
,
"pkts_toclient"
:
4503
,
"bytes_toserver"
:
176294
,
"bytes_toclient"
:
1236969
,
"start"
:
"2022-12-12T13:33:12.069215+1100"
},
"payload"
:
"BWT/RAUAZcOGKA4BAAA4Qh4FASntKe0BAADloCxCKAMBAAAAAAEAAAAAKAMT8wHpA/YDAQAAcEIBAAAAAAHv9wAANEIBAADwQQEAAPBBAQCkaABwQgEAAAAAAQAANEIBAAA/y/BBAQAA8EEBAACAPwEAAPBVckIBiKMzQgEAAAAAKAMB+AMwDwMEAQAAAAABAAAAAAEAAIAXWD8BAAAAQAEAAIBAARSuA0HfwAEAACBBAY/CjUEBj8KNQQE0vXE9Cj8BcT0KPwEAAAAAKAOS+wEFBAYEAQAAQEEBAAAAACiUegMBCwQLBAGagV5HKAMBeQUjLn4FAU1yBkcBAAAAQQGaHrCyNkYBAABAQQG+Fow+ASgLAz+qWCgBAXnmeeYBAAAqxgVkCEQFAGXDBcCPAACwKw=="
,
"stream"
:
1
}