Project

General

Profile

Actions
Copy link

Bug #1238

closed

Possible evasion in stream-tcp-reassemble.c

Added by JmpCallPoo . almost 10 years ago. Updated over 9 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Victor Julien
Target version:
2.0.3
Affected Versions:
Effort:
Difficulty:
Label:

Description

Hello,

A possible evasion exist in Suricata.
The client can send a fake ACK whith a very low window size, to flag the stream as STREAMTCP_STREAM_FLAG_GAP.

This will be more clear with the PoC in attachement.

@JmpCallPoo .

Files

Download all files
deseq_ACK.py (1.73 KB) deseq_ACK.py JmpCallPoo ., 07/16/2014 06:42 AM
deseq_ACK.py (1.72 KB) deseq_ACK.py Clean one JmpCallPoo ., 07/16/2014 09:30 AM
Actions
Copy link

Also available in: Atom PDF