Bug #1567
closedTCP: Evasion issue
Description
In some cases, sending error'ed packets to Suricata lead to it not detecting the app-layer session over TCP. I tested and confirmed that this issue exists in Suricata2.1 beta 4.
Have discussed this issue on the oisf-devel mailing list at https://lists.openinfosecfoundation.org/pipermail/oisf-devel/2015-July/003457.html so I will not repeat that information here.
Am creating this bug report to track this issue.
Updated by Andreas Herz over 7 years ago
- Assignee set to OISF Dev
- Target version set to TBD
Updated by Andreas Herz almost 5 years ago
could you try to reproduce it with a current version and also provide a test.pcap? Thanks
Updated by Andreas Herz over 4 years ago
@Victor you did the initial conversation, do you remember if this is fixed?
Updated by Victor Julien over 2 years ago
- Status changed from New to Closed
- Assignee deleted (
OISF Dev) - Target version deleted (
TBD)
I don't remember any specifics and the emails on this don't contain a test case. I think we've fixed many issues in this area over the years, so I'm closing this ticket. If the issue isn't fixed, please reopen with a test case (pcap).