Project

General

Profile

Actions
Copy link

Bug #1567

closed

TCP: Evasion issue

Added by Adrian Falk over 8 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Target version:
-
Affected Versions:
Effort:
Difficulty:
Label:

Description

In some cases, sending error'ed packets to Suricata lead to it not detecting the app-layer session over TCP. I tested and confirmed that this issue exists in Suricata2.1 beta 4.

Have discussed this issue on the oisf-devel mailing list at https://lists.openinfosecfoundation.org/pipermail/oisf-devel/2015-July/003457.html so I will not repeat that information here.

Am creating this bug report to track this issue.

Actions
Copy link
 #1

Updated by Andreas Herz over 7 years ago

  • Assignee set to OISF Dev
  • Target version set to TBD
Actions
Copy link
 #2

Updated by Andreas Herz almost 5 years ago

could you try to reproduce it with a current version and also provide a test.pcap? Thanks

Actions
Copy link
 #3

Updated by Andreas Herz over 4 years ago

@Victor you did the initial conversation, do you remember if this is fixed?

Actions
Copy link
 #4

Updated by Victor Julien over 2 years ago

  • Status changed from New to Closed
  • Assignee deleted (OISF Dev)
  • Target version deleted (TBD)

I don't remember any specifics and the emails on this don't contain a test case. I think we've fixed many issues in this area over the years, so I'm closing this ticket. If the issue isn't fixed, please reopen with a test case (pcap).

Actions
Copy link

Also available in: Atom PDF