Bug #141: new strange issue (no alert with two signature!) - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #141

closed

new strange issue (no alert with two signature!)

Added by rmkml rmkml about 14 years ago. Updated about 14 years ago.

Status:

Closed

Priority:

High

Assignee:

Victor Julien

Target version:

0.9.0

Affected Versions:

Effort:

Difficulty:

Label:

Description

Hi,
ok Im continue my small suricata testing,
with this two signature below, no firing:
alert udp any any -> any 53 (msg:"dns testing"; content:"|00 00|"; depth:5; offset:13; classtype:bad-unknown; sid:9436601; rev:1;)
alert tcp any 40 -> any any (msg:"abc"; flow:to_client,established; content:"ZDZADZA0"; classtype:attempted-dos; sid:1021292; rev:1;) {First signature is previously discussed on ticket #139}
Please this two signature with (same previous pcap on ticket #139) joigned hear.
If you comment second signature (alert tcp...), first signature alert firing, why??
Tested on suricata v0.8.2 release and git date 3 May 2010 (two version are same pb).
Regards
Rmkml

Files

Download all files

suricataudpdnsmodified2.pcap (118 Bytes) suricataudpdnsmodified2.pcap		rmkml rmkml, 05/04/2010 03:56 PM
suricata54-normal-vgdrd-log.txt (25 KB) suricata54-normal-vgdrd-log.txt	drd log from running the rules and pcap	Will Metcalf, 05/04/2010 05:22 PM

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #141

new strange issue (no alert with two signature!)

Updated by Will Metcalf about 14 years ago

Updated by Will Metcalf about 14 years ago

Updated by Victor Julien about 14 years ago

Updated by Victor Julien about 14 years ago