Project

General

Profile

Actions
Copy link

Bug #1161

closed
VJ TD

eve: src and dst mixed up in some cases

Bug #1161: eve: src and dst mixed up in some cases

Added by Victor Julien about 12 years ago. Updated almost 12 years ago.

Status:
Closed
Priority:
High
Assignee:
Tom DeCanio
Target version:
2.0.1rc1
Affected Versions:
Effort:
Difficulty:
Label:

Description

It seems that in some cases the src and dst ip and ports and in the reverse order.

CV Updated by Christophe Vandeplas about 12 years ago Actions
Copy link
 #1

Here's my analysis and remarks with the different event_types and the patch from https://github.com/inliniac/suricata/pull/915

http - src/dst switched => Patch OK
http - length = is this the size from client to server or from server to client? What with the other one ? In HTTP POST (for example) it's important to know client-to-server.

fileinfo - toserver - probably not needed => probably out of scope, or otherwise content type must be decoded to be of any use
fileinfo - toclient - src/dst switched => Patch OK

dns - type:query - src/dst switched => Patch OK
dns - type:answer - src/dst correct => Patch ERROR

VJ Updated by Victor Julien almost 12 years ago Actions
Copy link
 #2

  • Priority changed from Normal to High

VJ Updated by Victor Julien almost 12 years ago Actions
Copy link
 #3

  • Status changed from Assigned to Closed
  • % Done changed from 0 to 100
Actions
Copy link

Also available in: PDF Atom